A recent study by Microsoft reveals that North Korean hackers have pilfered more than $3 billion in cryptocurrency since 2017, with 2023 alone accounting for between $600 million and $1 billion of that total. The findings were highlighted in Microsoft’s Digital Defense Report for 2024, which was released on Thursday.

According to the report, the stolen crypto funds are believed to finance over half of North Korea’s nuclear and missile programs. Anne Neuberger, Deputy National Security Advisor for Cyber at the White House, emphasized the increasing misuse of these tactics by North Korea to evade sanctions and support its ambitions to project geopolitical power through nuclear weapons and ballistic missiles.

Microsoft identified three major North Korean threat groups—Jade Sleet, Sapphire Sleet, and Citrine Sleet—active in targeting cryptocurrency organizations. Additionally, a new group, Moonstone Sleet, has created a custom ransomware variant called FakePenny, which has been deployed against defense and aerospace organizations after exfiltrating sensitive data.

The emergence of these threat actor groups indicates a growing reliance on cybercriminal tools to bolster the North Korean regime’s financial resources.

Other Threat Actors Identified

The Microsoft report also points to Iranian nation-state actors engaging in financially motivated cyber operations. This marks a shift from previous tactics, in which ransomware attacks that were disguised as financially motivated were actually destructive in nature. Following the outbreak of the Israel-Hamas war, Iranian actors have focused their efforts on Israel and have continued to target the U.S. and Gulf countries, including the UAE and Bahrain.

Moreover, Russian threat groups are increasingly using commodity malware and outsourcing cyber espionage tasks to criminal organizations.

The post North Korean Hackers have Stolen $3B in Cryptocurrency Since 2017 appeared first on Koinreport.