FBI Confirms Lazarus Group Was Behind $100m Harmony Hack
The US Federal Bureau of Investigation (FBI) has confirmed that North Korea’s Lazarus Group and APT28 were behind the $100m theft from cryptocurrency firm Harmony revealed in June 2022.
Writing in its official blog on Monday, the Bureau said it spotted the North Korean cyber actors using the privacy protocol Railgun to launder over $60m worth of Ethereum (ETH) stolen during the heist.
“A portion of this stolen Ethereum was subsequently sent to several virtual asset service providers and converted to bitcoin (BTC),” reads the post.
The FBI also said that while some of these funds were frozen (in coordination with some virtual asset service providers), the remaining Bitcoin eventually moved to 11 identified addresses.
“FBI Los Angeles and FBI Charlotte […] continue to identify and disrupt North Korea’s theft and laundering of virtual currency, which is used to support North Korea’s ballistic missile and weapons of mass destruction programs,” the Bureau wrote.
According to Kevin Bocek, VP of security strategy and threat intelligence at Venafi, Lazarus is known for stealing cryptocurrency by exploiting machine identities, so the attribution of the Harmony attack is not surprising.
“When disclosing the breach, Harmony provided evidence that its private keys – a core component of machine identity – were compromised, opening the door to Lazarus and enabling it to decrypt data and siphon off funds. This shows the power of machine identities falling into the wrong hands.”
Bocek added that Venafi’s research showed that attacks from North Korean threat groups are often financially motivated.
“Cybercrime has become an essential cog in the survival of Kim’s dictatorship, enabling North Korea to evade international sanctions and fund its weapons programs,” the security expert added.
“Any company that offers a financial gain to North Korean threat groups could be a target, particularly in the relatively unregulated cryptocurrency industry.”
Blockchain analytics company Elliptic first suggested that the Lazarus Group may be behind the $100m Harmony hack days after the breach was revealed.
More recently, the threat actors were associated with the exploitation of a Dell driver vulnerability and a series of macOS malware infections.