North Korea's Hacker Army Stole $3 Billion in Crypto by Funding Nuclear Program

Ghost Killer




An engineer at blockchain gaming company Sky Mavis last year thought he was on the verge of a new job that would pay more.

A recruiter reached out to him on LinkedIn, and after the two spoke on the phone, the recruiter gave the engineer a document to review as part of the interview process.
But the recruiter was part of a large North Korean operation aimed at funding the cash-strapped dictatorship.

And the document was a Trojan horse, malicious computer code that gave the North Koreans access to the engineer's computer and allowed hackers to break into Sky Mavis.

They ultimately stole more than $600 million - mostly from players in Sky Mavis' digital pet game Axie Infinity.

According to blockchain analytics firm Chainalysis, this was the country's biggest hit in five years of digital heists that brought North Koreans more than $3 billion.





US officials say that money was used to finance about 50% of the ballistic missile program that North Korea is developing with its nuclear weapons.

Defense accounts for a very large portion of North Korea's overall spending; the State Department estimates that in 2019, Pyongyang spent about $4 billion on defense, accounting for 26 percent of its overall economy.

The firm's business manager, Aleksander Larsen, said that although Sky Mavis had reimbursed victims of the cyberattack, the incident threatened the existence of the then-four-year-old company.

"When you look at the amount of funds stolen, [it] will seem like an existential threat to what you're building."





The incident also caught the attention of the White House, and this and other crypto attacks by North Korea throughout 2022 have raised serious concerns.

"The main spike over the past year has been against the centralized crypto infrastructure that holds large sums worldwide like Sky Mavis, which has led to larger-scale heists," said Anne Neuberger, President Biden's deputy national security adviser for cyber and new technologies.

"This has pushed us to focus heavily on countering these activities."

North Korea's digital thieves began carrying out their first major crypto attacks around 2018.

Since then, North Korea's missile launch attempts and successes have mushroomed, with more than 42 successes observed in 2022, according to data tracked by the James Martin Center for Nonproliferation Studies.

U.S. officials have warned that not much is known about the country's funding sources due to Western sanctions, and that it is not possible to fully understand the role crypto theft plays in the escalation of missile tests.

But testing by Kim Jong Un's reclusive regime has come at the same time as an alarming rise in crypto heists.

Nearly 50 percent of the foreign exchange financing for the purchase of foreign components for North Korea's ballistic missile program is now provided by the regime's cyber operations, Neuberger said.

This figure is a sharp increase from previous estimates, which accounted for one-third of the total funding for the programs.





US services say North Korea casts a shadow of thousands of IT workers operating around the world, including Russia and China, who make money—sometimes more than $300,000 a year—by producing mundane technology.

But researchers say this power is often linked to cybercrime operations.

Configurations such as Canadian IT educators, government officials, and self-employed Japanese blockchain developers.

They make video calls to get the job or masquerade as probable, as in Sky Mavis sampling.

US administrations say hackers linked to North Korea went from two years ago to infecting relevant US hospitals with ransomware (a type of cyberattack in which hackers lock down the victim company and demand payment to release them).

"It looks like today's hacker state," said Nick Carlsen, a former FBI analyst working for blockchain monitoring company TRM Labs.

Carlsen and others in the cryptocurrency industry say hiring these fake IT workers is a constant problem.

He says international experts have developed a digital bank robbery to bolster his ambition to project geopolitical power, which has long stemmed from North Korea's harsh sanctions and launched nuclear weapons and ballistic missiles.

A 2020 United Nations report found that hacking, which generates fix revenue, has proven "low capabilities, high security, and difficult to detect, and its increasing complexity can prevent it from being caught".





The US and other Western governments have blamed Korea for a series of brazen and sometimes haphazard cyberattacks, ranging from the 2014 Sony Pictures hack to the massive global ransomware attack in 2017.

But according to U.S. systems and security devices, the country has dramatically improved its technical sophistication to carry out big bangs, sitting increasingly focused on monetizing its cyberattacks.

"Most nation-state cyber programs are channeling espionage or attack capabilities for traditional geopolitical purposes," said Neuberger of the White House.

"North Koreans, on the other hand, are focused on theft and making money to get around in the times of international sanctions."

In 2016, hackers linked to North Korea stole $81 million from Bangladesh's central bank as part of a cyberattack attempt that went into the $1 billion blocked by the Federal Reserve Bank of New York.

North Koreans have also stolen money from ATMs and even earned more than $100,000 in crypto from a fast-spreading creature called WannaCry, but not all have been as lucrative as the crypto thieves who started in earnest in 2018, according to Erin Plante, vice president of contributions at Chainalysis.

“Very early snooping on crypto and they were some of the most advanced crypto users in the early days.”

As Pyongyang is more daring educators in social engineering, hacking is getting more technical in scope. North Korea's cybercrime prowess over the past year has observed US officials and researchers who have seen some local hackers listen to detailed guidelines that have not been observed anywhere else, he said.

In a notable attack earlier this year, hackers linked to North Korea carried out a chain attack in all of what security researchers describe as the first of their examples.





They broke into software manufacturers one by one and hacked their products to gain access to their customers' computer systems.

To orchestrate the attack, they first compromised the security of an online trading software maker called Trading Technologies.

A corrupted version of this company's product was later downloaded by an employee of 3CX, itself a software development company, who then used access to 3CX systems to corrupt that company's software.

According to researchers, North Koreans tried to enter 3CX customers, including cryptocurrency exchanges, from here.

Trading Technologies says it hired a forensics firm to investigate the incident, but deprecated the software in question in April 2020, about two years before 3CX was compromised.

3CX says it has improved its security measures since the attack.

Chief Executive Officer Nick Galea said the company didn't know how many customers were ultimately affected, but suspected a small number as it was caught quickly.


You can visit the link below to read the Turkish version of this news or article.


