The advisory also noted that North Korean hackers use social engineering tactics on various communication platforms to “trick victims into downloading trojanized cryptocurrency applications on both Windows and macOS operating systems.”
Relevant Cybersecurity Advisories:
- IC3 Public Service Announcement (2025)
- TraderTraitor Cybersecurity Advisory (2022)
- Hidden Cobra FASTCash Campaign (2018)
- North Korean Cyber Threat Advisory (2020)
A History of North Korean Hacking
This is not the first large-scale cryptocurrency theft attributed to North Korean hackers. In 2023, the same state-sponsored group was responsible for a $600 million crypto theft.
North Korea first gained global notoriety for its cyber activities in 2014 when it allegedly hacked Sony Pictures in retaliation for The Interview, a satirical film starring Seth Rogen and James Franco, which depicted a fictional assassination attempt on North Korean Supreme Leader Kim Jong Un.
How North Korean Hackers Operate
North Korean hacker groups use a combination of technical expertise and social engineering tactics to compromise systems. Their primary techniques include:
- Deploying malicious TraderTraitor applications to gain access to victim networks.
- Exploiting security vulnerabilities to steal private keys.
- Laundering stolen funds through thousands of blockchain addresses before converting them into fiat currency.
The Lazarus Group and State-Sponsored Cybercrime
Despite lacking free public internet access, North Korea has developed an elite hacking force, including the infamous Lazarus Group, which has been linked to numerous financial crimes worldwide.
