Ghosts Wandering in the Dark: North Korea's Crypto Asset Assault Front (2020s-2025)
North Korea has been conducting cyberattacks targeting virtual currencies on a global scale under the orders of the state. At the center of these attacks is the Lazarus Group, an operative unit directly under the government. They are moving in the unseen darkness, using sophisticated and diverse methods to rob individuals and businesses of their virtual currency.
One of the typical attack methods used by this group is malware known as "TraderTraitor." At first glance, it appears to be a convenient tool for virtual currency transactions, but in reality, it secretly extracts wallet information and authentication information the moment the user installs it. In 2005, "Bybit," a major exchange in the United Arab Emirates, was attacked and assets worth approximately $1.5 billion were stolen. For this incident, the U.S. investigative agency announced that it had confirmed the use of this malware.
Similarly, significant damage has also occurred in Japan. In the outflow of approximately $300 million worth of virtual currency from Japan's "DMM Bitcoin" in 2012, another piece of malware called "AppleJeus" was reportedly used. It was developed specifically for a particular computer and steals information under the guise of a virtual currency management application.
In addition, a new piece of malware called "KANDYKORN" has also appeared. It primarily targets virtual currency technicians and is distributed under the guise of a profitable trading tool. In reality, it is sophisticated enough to extract internal information and install additional malware on its own. This malware was spread through exchange applications and other means.
The Lazarus Group's methods have become more complex over the years. They set up fake companies in the U.S., such as "BlockNovas" and "SoftGlide," and approach developers while posing as legitimate companies. In addition, they have been observed exploiting the remote control function of conference communication tools to infiltrate the terminals of virtual currency traders. There have also been reported cases of infections being spread by illegally modifying component management websites for development support.
Through a series of such attacks, North Korea has stolen trillions of yen in virtual currency over the past several years. Much of this money is believed to have been diverted to strategic national projects such as nuclear weapons development and missile production.
To protect oneself from such threats, one should obtain applications only from legitimate distribution sources and perform regular security checks. It is also essential as a basic measure not to open suspicious attachments or links and to use multiple means of authentication to secure accounts.
The new symbol of freedom, virtual currency, has also brought with it a deep darkness. The ghosts lurking in the shadows of nations are quietly wandering the world today, looking for their next target.
Related Information Summary
TraderTraitor: Used in the theft of approximately $1.5 billion worth of assets from Bybit in 2005.
AppleJeus: Used in the DMM Bitcoin outflow in Japan in 2002.
KANDYKORN: A new type of malware distributed to technicians.
Lazarus Group: Cyber attack force backed by North Korea.
BlockNovas and SoftGlide: Fake companies established in the U.S.
The functionality of conference communication tools and development component websites were exploited.
Stolen virtual currency is likely to be diverted to military and nuclear-related state projects.