North Korean hackers use Telegram to steal cryptocurrency

UK victims among those targeted in Lazarus Group's cyber-theft campaign

Anthony Cuthbertson
Friday 10 January 2020 09:11 EST
Comments
Telegram's 300 million users around the world can now buy and trade bitcoin
Telegram's 300 million users around the world can now buy and trade bitcoin (iStock/ Composite)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Hackers from North Korea have developed a way to steal bitcoin and other cryptocurrency through the messaging app Telegram, according to new research.

Cyber security specialists from Moscow-based Kaspersky Labs said the notorious Lazarus Group, a hacking collective with links to North Korea, has come up with "enhanced capabilities" in order to target individuals and organisations around the world.

The cyber-theft campaign, referred to as Operation AppleJeus, has been ongoing since at least 2018 and has so far claimed victims in the UK, China, Poland and Russia.

The hackers lure in victims by setting up fake cryptocurrency websites, as well as fake trading groups on the Telegram app. Telegram did not respond to a request for comment.

Malicious links on the sites and groups then infect the target’s device and give attackers access to user data.

"Since the initial appearance of Operation AppleJeus, we can see that over time the authors have changed their modus operandi considerably," Kaspersky Researchers wrote in a report detailing the attacks. "We assume this kind of attack on cryptocurrency businesses will continue and become more sophisticated."

Cryptocurrency has been a consistent target of North Korean hackers in recent years, with experts saying it offers a "financial lifeline" to evade crippling economic sanctions and finance the development of nuclear weapons.

"Cryptocurrency exploitation is allowing North Korea to transact with the rest of the world in ways that aim to circumvent sanctions designed to curb its proliferation financing," Kayla Izenman, a research analyst who co-authored a paper on the phenomenon, told The Independent last year.

A UN report from 2019 estimated that North Korea has earned up to $2 billion in cryptocurrency by hacking online exchanges and organisations.

This far exceeded original estimates by the UN Security Council, which claimed the country had amassed around $670m worth of bitcoin and other cryptocurrencies.

North Korea has previously denied accusations that it engages in cyber crime, while simultaneously courting cryptocurrency and cyber security experts at conferences held in Pyongyang.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in