A recent study by Microsoft revealed that North Korean hackers have stolen more than $3 billion in cryptocurrency since 2017. The heists total between $600 million and $1 billion in 2023 alone.
Microsoft’s Digital Defense Report for 2024 highlighted the complexity of the global cyber threat landscape, driven by increasing crypto attacks.
Per the report, unveiled Thursday, the stolen crypto funds reportedly finance over half of North Korea’s nuclear and missile programs. White House Cyber Deputy National Security Advisor Anne Neuberger noted that North Korea’s misuse of these tactics is increasing.
The country uses cryptos “to evade harsh sanctions and support its ambitions to project geopolitical power through nuclear weapons and ballistic missiles.”
Since 2023, Microsoft has identified three major North Korean threat groups: Jade Sleet, Sapphire Sleet, and Citrine Sleet. These players have been particularly active in targeting cryptocurrency organisations, it added.
Additionally, Moonstone Sleet, a new North Korean threat actor, developed a custom ransomware variant called FakePenny. The notorious group deployed the ransomware at defence and aerospace organisations after exfiltrating data from the impacted networks.
Microsoft analysts noted that the emergence of threat actor groups suggests an increasing use of cybercriminal tools to boost the North Korean regime’s financial resources.
Microsoft Report Identifies Iranian, Russian Threat Actors
In addition to North Korean threat groups, the Microsoft report also identified Iranian nation-state threat actors seeking financial gains from scandalous cyber operations.
“This marks a change from previous behaviour, whereby ransomware attacks that were designed to appear financially motivated were actually destructive attacks,” the report read.
Iran placed significant focus on Israel, especially after the outbreak of the Israel-Hamas war. Iranian actors have continued to target the US and Gulf countries, including the UAE and Bahrain, the report added.
Additionally, Russian threat actor groups have integrated more commodity malware in their operations, outsourcing cyber espionage operations to criminal groups.