According to a recent report by cybersecurity firm Mandiant, North Korean cyber operator APT43 has been exploiting cryptocurrency mining services to launder stolen currency and fund its espionage operations.
The group, which primarily targets South Korean and U.S.-based government organizations, academics, and think tanks, has been involved in strategic intelligence collection and financially motivated cybercrime.
APT43 has turned to cryptocurrency services as a means to sustain its operations, using hash rental and cloud mining services to convert stolen cryptocurrency into clean currency.
These services provide hash power to mine cryptocurrency, so the mined coins carry no blockchain-based association to the buyer's original payments. The group has used payment methods such as PayPal, American Express cards, and Bitcoin, likely derived from previous operations, for infrastructure and hardware purchases.
Mandiant assesses APT43 as a moderately sophisticated cyber operator supporting the North Korean regime. The group has been tracked since 2018, with its collection priorities aligning with the mission of North Korea's Reconnaissance General Bureau (RGB).