US Department of Justice (DOJ) Charged Two Chinese Nationals with Money Laundering $100M for North Korea Hackers
The US Department of Justice (DOJ) charged two Chinese nationals with money laundering for North Korean hacking operations. The indictment names Tian Yinyin and Li Jiadong, who were both charged with money laundering conspiracy and operating an unlicensed money transmitting business. The two were also sanctioned by the US Treasury. The cybercrime is connected to Lazarus Group, a state-sponsored advanced persistent threat (APT) hacking group that works for the Democratic People’s Republic of Korea (DPRK). Lazarus Group is also known as APT38.
“These defendants allegedly laundered over a hundred million dollars’ worth of stolen cryptocurrency to obscure transactions for the benefit of actors based in North Korea,” said Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division.
In April 2018, an employee of an unnamed cryptocurrency exchange downloaded malware delivered via a phishing email. After infecting the target machine, the malware gave the North Korean hackers remote access to the cryptocurrency exchange, including customers’ personal information and accounts. The North Koreans hacked into the virtual currency exchange and stole about $250 million in cryptocurrencies.
Malicious cyber activity is a major revenue generator for North Korea. Secretary Steven T. Mnuchin of the U.S. Department of the Treasury, whose Office of Foreign Assets Control (OFAC) issued the sanctions, said, “The North Korean regime has continued its widespread campaign of extensive cyberattacks on financial institutions to steal funds.”
Tian and Li received approximately $91 million of the cryptocurrency stolen in April 2018 from North Korea-controlled exchange accounts. Another $9.5 million came from a separate crypto exchange hack. The stolen funds were moved and laundered through a series of cryptocurrency accounts and gift cards to make them hard to trace. The DOJ complaint lists 113 virtual currency accounts and addresses that were used to launder the funds.
As a result of the US Treasury sanctions, all property and interests in property belonging to Tian Yinyin or Li Jiadong that are within the United States or in the possession or control of any US person must be blocked and reported to OFAC.
What is an APT Hacking Group?
An advanced persistent threat group, or APT group, is a professional hacking organization that works at the behest of a government. APT groups are highly skilled and tend to favor a low-and-slow approach: their tooling, such as malware and spyware, infects computers, phones, and IT networks quietly so that the attackers can compromise as many systems as possible and remain on them for long periods while evading detection. APT malware has been known to persist on networks for years before it is detected. Each APT group tends to focus on certain specialties, such as corporate espionage, monetary theft, or government secrets. They may also work in certain geographic regions, such as Asia, Europe, or North America. Their skills and activity are tracked by cyber security research groups, which catalog them by number, proficiency, and the type of malware they use. Advanced persistent threat groups are often given names that relate to the country they work for. Lazarus Group is also known as APT38, Bluenoroff, and Andariel.