The U.S. Federal Bureau of Investigation (FBI) on Monday confirmed that North Korean threat actors were responsible for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge in June 2022.
The law enforcement agency attributed the hack to the Lazarus Group and APT38 (aka BlueNoroff, Copernicium, and Stardust Chollima), the latter of which is a North Korean state-sponsored threat group that specializes in financial cyber operations.
The FBI further stated the Harmony intrusion leveraged an attack campaign dubbed TraderTraitor that was disclosed by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in April 2022.
The modus operandi entailed utilizing social engineering tricks to deceive employees of cryptocurrency companies into downloading rogue applications as part of a seemingly benign recruitment effort.
“On Friday, January 13, 2023, North Korean cyber actors used RAILGUN, a privacy protocol, to launder over $60 million worth of ethereum (ETH) stolen during the June 2022 heist,” the FBI said. “A portion of this stolen ethereum was subsequently sent to several virtual asset service providers and converted to bitcoin (BTC).”