(Tokyo) A group of North Korean hackers stole cryptocurrencies worth a total of more than $300 million from the Japanese exchange platform DMM Bitcoin, according to Japanese police and American intelligence.
Published yesterday at 10:16 p.m.
The TraderTraitor group, believed to be part of the Lazarus group, which itself is linked to the authorities in Pyongyang, is behind the hack, the Japanese National Police Agency said on Tuesday.
The Lazarus Group rose to prominence in 2014 when it was accused of hacking Sony Pictures Entertainment studios in retaliation for the satirical film about North Korea The Interview.
The US FBI detailed in a separate statement on Monday “the theft of cryptocurrencies worth US$308 million from the Japan-based company DMM by North Korean cyber actors”.
The American domestic intelligence service describes a “targeted social engineering” operation (which consists of collecting data on its target to mislead them with credible messages), in which a hacker posed as a recruiter in order to contact an employee of another cryptocurrency exchange platform.
He sent the employee what appeared to be a pre-employment test, which contained a malicious line of code. This allowed the hacker to impersonate the employee, the FBI said.
“The FBI, Japan National Police Agency, and other partners in the U.S. government and international community will continue to expose and combat North Korea's use of illicit activities — including cybercrime and theft of cryptocurrencies to generate income for the regime,” the statement added.
North Korea's cyberwarfare program dates back to at least the mid-1990s.
According to a 2020 US military report, North Korea's cyberwarfare unit, “Office 121”, has 6,000 members who also operate from abroad, including Belarus, China, India, from Malaysia or Russia.