FBI Identifies Wallets Holding Cryptocurrency Funds Stolen by North Korea Summary:

Cyber Security Threat Summary:
The FBI in the United States issued a cautionary notice regarding the potential efforts of threat actors associated with North Korea to convert pilfered cryptocurrency, totaling over $40 million in value.

In a disclosure, the Federal Bureau of Investigation outlined the actions of six cryptocurrency wallets operated by entities connected to North Korea. These wallets possess approximately 1,580 Bitcoin, equivalent to around $41 million based on current valuations. Authorities suspect these funds are connected to the recent heist of a substantial sum of cryptocurrency, amounting to hundreds of millions of dollars.

“The investigation conducted by the FBI revealed that the TraderTraitor-affiliated actors moved approximately 1,580 bitcoin from several cryptocurrency heists to the following wallets:

  • 3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG
  • 39idqitN9tYNmq3wYanwg3MitFB5TZCjWu
  • 3AAUBbKJorvNhEUFhKnep9YTwmZECxE4Nk
  • 3PjNaSeP8GzLjGeu51JR19Q2Lu8W2Te9oc
  • 3NbdrezMzAVVfXv5MTQJn4hWqKhYCTCJoB
  • 34VXKa5upLWVYMXmgid6bFM4BaQXHxSUoL
TraderTraitor-affiliated hackers stole $100 million from Atomic Wallet in June, $60 million from Alphapo, and $37 million from CoinsPaid in July.” (SecurityAffairs, 2023).

Security Officer Comments:
Historically, Advanced Persistent Threat (APT) groups with ties to North Korea have primarily directed their efforts toward stealing cryptocurrency assets. Research indicates that the breach of Harmony's Horizon bridge and Sky Mavis' Ronin Bridge can be attributed to these North Korea-linked threat actors.

The FBI advises private sector entities to meticulously scrutinize the blockchain data associated with these wallet addresses and exercise caution when engaging in transactions directly involving or stemming from these addresses. The FBI's commitment to unveiling and countering North Korea's involvement in illicit activities, encompassing cybercrimes and the pilfering of virtual currency, remains resolute.

Suggested Correction(s):
  • Organizations can make APT groups’ lives more difficult. Here’s how:
  • Defense-in-depth strategy: A comprehensive defense-in-depth strategy is crucial to combat APTs. This includes implementing multiple layers of security controls, such as strong perimeter defenses, network segmentation, endpoint protection, intrusion detection systems, data encryption, access controls, and continuous monitoring for anomalies.
  • Threat intelligence and sharing: Ideally, organizations should actively participate in threat intelligence sharing communities and collaborate with industry peers, government agencies, and security vendors. Sharing information about APTs and their techniques can help detect and mitigate attacks more effectively.
  • Employee education and awareness: Regular security awareness programs, phishing simulations, and training sessions can educate employees about the latest threats, social engineering techniques, and safe computing practices.
  • Incident response and recovery: Despite preventive measures, organizations should have a well-defined incident response plan. This includes incident detection, containment, eradication, and recovery procedures to minimize the impact of APT attacks and restore normal operation