There is analysis indicating that North Korean hackers are conducting cybercriminal activities, such as stealing cryptocurrency, by utilizing Russian internet infrastructure.
On April 24 (local time), cybersecurity firm Trend Micro stated in a report that it had identified several IP address ranges used in cybercriminal activities linked to North Korea within Russia.
According to the company, these IP addresses were concealed by a large-scale anonymization network that uses commercial virtual private networks (VPNs), proxy servers, and virtual private servers (VPS) accessed via remote desktop protocol (RDP). These addresses were allocated to Khasan and Khabarovsk in Russia.
Trend Micro analyzed, "This could lead to the hypothesis that North Korea's major cyberattack activities are either taking place within, or passing through, the internet infrastructure of Khasan and Khabarovsk in Russia." The company added, "This infrastructure was established in 2017 and has expanded in scale since 2023."
Additionally, the company reported that North Korea has deployed IT personnel to link two Russian IP addresses with two North Korean IP addresses, estimating that these personnel are working in countries such as China, Russia, and Pakistan.
According to the report, hackers linked to North Korea accessed job sites and cryptocurrency-related services using Russian IP addresses. In particular, they targeted IT professionals in the United States, Germany, and Ukraine on job sites, luring them with fake companies and fraudulent interviews.
Trend Micro explained that the hackers' goal was to steal cryptocurrency from these experts, who are interested in cryptocurrency, Web 3.0, and blockchain technology. The company further noted that Russian IP addresses were also used in activities that involved randomly entering numbers to crack the passwords of cryptocurrency wallets.
In recent years, North Korea has been suspected of stealing cryptocurrency through hacks on cryptocurrency exchanges and laundering the proceeds into cash, which is then allegedly used for nuclear weapons development and other purposes.
In January, the United States, South Korea, and Japan issued a joint statement officially attributing a $660 million cryptocurrency theft that occurred last year to North Korea. In February, Bybit, one of the world's largest cryptocurrency exchanges, was hacked and $1.46 billion worth of coins were stolen, an incident suspected to have been carried out by the North Korean hacking group Lazarus.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
