North Korean Crypto Hackers Keep Nose to the Grind


TA444 Is Adaptable and Hard Working, Say Proofpoint Researchers

Mihir Bagwe (MihirBagwe) • January 25, 2023

A torrent of spam unleashed last December in a bid to harvest the credentials of U.S. and Canadian financial workers was an attempt by a North Korean for-profit hacking group to diversify its revenue stream.

Researchers at Proofpoint say the group they track as TA444 that month nearly doubled the total volume of spam sent over the previous 11 months – evidence of a hacking group that mirrors “startup culture in its devotion to the dollar and to the grind.”


TA444 overlaps with other Pyongyang hacking groups known as APT38, Bluenoroff, BlackAlicanto, Stardust Chollima and Copernicium group.

North Korea is the rare country whose state-sponsored hackers attack for their country’s financial gain. As recently as Tuesday, the U.S. FBI attributed a $100 million theft from cryptocurrency bridge Horizon to North Korean hackers.

The United Nations in 2019 estimated that cryptocurrency and online bank heists have enabled Pyongyang to also invest $2 billion in its development of nuclear weapons and intercontinental ballistic missiles (see: North Korean Hacking Funds WMD Programs, UN Report Warns).

Proofpoint says it can’t rule out the possibility that TA444’s burst of activity is evidence of moonlighting. If that is the case, security researchers should start to detect evidence
