N. Korean hacking group finances Kim Jong Un

A North Korean hacking group known as “Kimsuky” or “Thallium” is financing the North Korean regime by engaging in cybercrimes, including stealing cryptocurrency and laundering money, a new analysis has found.

Luke McNamara, a chief analyst at global cyber security company Mandiant, a subsidiary of Google Cloud, held a media briefing in Yongsan, Seoul on Tuesday and briefed the “North Korean Hacking Group APT43 Analysis Report.” APT43 is a North Korean hacking group that Mandiant officially named after APT42 in September of last year.

According to the report, APT43's main activities are in line with the mission of the Reconnaissance General Bureau (RGB), North Korea's overseas and South Korean intelligence agency. Their main task was collecting information about the North Korean regime, including nuclear development and geopolitical issues. Its major targets include government and policy research institutes, think tanks, and corporations in Korea, the U.S., Japan, and Europe.

"It imposters as individuals or journalists in the foreign affairs/defense sector and has been using stolen personally identifiable information to capture information in various industries," McNamara explained.

It was also found that APT43 laundered and procured funds by stealing cryptocurrency and converting it into a new cryptocurrency. McNamara said, "APT43 supported North Korea's espionage activities through money laundering and other activities and collaborated with other hacking groups."


namduck2@donga.com