North Korea has dominated the hacking-related aspect of the crypto industry’s news cycle this week. From attempted attacks to fresh discoveries, the country has been the focus of several stories. However, the latest development in the country highlights one of its most notorious hacking groups and its apparent resurgence.
The BeagleBoyz Are Back
This week, the United States Department of Homeland Security (DHS) issued an alert confirming that the government has been monitoring the resurgence of BeagleBoyz, a hacking group sponsored by Pyongyang. The report explained that investigation efforts have been carried out by the Treasury Department, the FBI, and the U.S. Cyber Command.
As the report explained, the BeagleBoyz hacking group hasn’t been quite as active in the last five years. In that time, the Lazarus Group — a syndicate with strong links to the North Korean regime — has spearheaded the country’s cybercrime efforts. Despite its decline, BeagleBoyz has still been able to steal at least $2 billion since 2015. Most of the thefts were linked to cryptocurrency companies, according to the DHS.
Now, the group appears to have restructured and is gearing up for an attack. The DHS report explained that the BeagleBoyz group is currently developing “irreversible theft” methods and is targeting cryptocurrency exchanges. The group reportedly plans to use malware, especially COPPERHEDGE — a remote access Trojan developed to target bitcoin exchanges. The tool is adept at stealing data and compromising systems.
The DHS report also explains that BeagleBoyz could be looking to target financial institutions across the world. Given the exploits of other North Korea-affiliated hacker groups, the agency warns companies to be especially vigilant.
North Korea’s Hacking Blitz
North Korea has been on a hacking spree recently. The country, which many believe is running cybercrime efforts to bolster its weapons program, has been contracting its operations to several hacker groups.
Last week, the U.S. Army explained in a report that the North Korean government has a department that oversees its cybercrime exploits. Named Bureau 121, the department reportedly manages four cybercrime groups.
The U.S. Army report pointed out that the departments are scattered across the world, as North Korea’s limited funds and IT infrastructure made the country unfit to support its operations. Most hackers are located in countries like Belarus, Russia, India, China, and others.
Going deeper, the report highlighted two groups. The first was known as Bluenoroff, and it dealt explicitly with financial crime. The group reportedly has over 1,700 members and conducts attacks “by concentrating on long-term assessment and exploiting enemy network vulnerabilities.”
The other is the infamous Lazarus Group — an organization that reportedly made North Korea over $2 billion from hacks in 2019 alone. The Lazarus Group has continued to operate at full strength. This week, Finnish cybersecurity firm F-Secure reported that the group had been posting fake job listings on LinkedIn to attract top talent in the blockchain and crypto industries. The job listings allegedly contain documents that release malware onto the victims’ computers when opened.
A representative from the cybersecurity firm explained that the malware works to fetch victims’ login credentials. The hackers will then use the credentials to access the victims’ networks and find ways to steal their cryptocurrencies.