How Lazarus Group laundered $200M from 25 hacks
Contents
1). Introduction
2). CoinBerry, Unibright, & CoinMetro hacks
3). Nexus Mutual founder hack
4). EasyFi hack
5). Bondly hack
6). Unreported hacks
7). MGNR and PolyPlay hacks
8). bZx hack
9). Steadefi and CoinShift hacks
10). Paxful and Noones accounts
11). Investigation results
12). Other Incidents
13). Acknowledgments
Bluenoroff or APT38, more commonly referred to as Lazarus Group, is a threat group that has been tied to the North Korean government since as early as 2009. It is primarily financially motivated and uses malware custom-built for each target.
Early on, the threat group gained notoriety for cyberattacks such as the Sony Pictures hack in 2014 and the $81M Bangladesh Bank heist in 2016; in more recent years it has shifted focus to targets in the cryptocurrency industry.
Analytics firms such as TRM and Chainalysis release annual reports summarizing crypto-related incidents linked to DPRK, and they estimate that between $3B and $4.1B has been stolen since 2017.
The research in this article closely follows 25 hacks targeting companies and individuals …
IoC