A report from Chainalysis found the attacks primarily targeted investment firms and centralised exchanges, and made use of phishing lures, code exploits, malware, and advanced social engineering to siphon funds.
Once North Korea gained custody of the funds, the hackers began a careful laundering process to cover up and cash out.
Last year, experts at the United Nations said that North Korea was using the crypto funds to help finance its domestic nuclear weapons programme. In 2019, the renegade state was found to have launched 35 cyber attacks on 17 countries with that express purpose. It was also blamed for the WannaCry virus which took down NHS computer systems in 2017.
Chainalysis said the complex tactics employed by the North Korean hackers have led many security researchers to characterise them as advanced persistent threats (APTs).
This is especially true for APT 38, also known as “Lazarus Group,” which is led by the country’s primary intelligence...