$3B Worth Crypto Stolen by North Korean Hackers Since 2017: Report

cyberattack Microsoft North Korea
The stolen crypto funds reportedly finance over half of North Korea’s nuclear and missile programs.
Last updated:
Author
Author
Sujha Sundararajan
About Author

Sujha has been recognised as 🟣 Women In Crypto 2024 🟣 by BeInCrypto for her leadership in crypto journalism.

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more

A recent study by Microsoft revealed that North Korean hackers have stolen more than $3 billion in cryptocurrency since 2017. The heists total between $600 million and $1 billion in 2023 alone.

Microsoft’s Digital Defense Report for 2024 highlighted the complexity of the global cyber threat landscape, driven by increasing crypto attacks.

Per the report, unveiled Thursday, the stolen crypto funds reportedly finance over half of North Korea’s nuclear and missile programs. White House Cyber Deputy National Security Advisor Anne Neuberger noted that North Korea’s misuse of these tactics is increasing.

The country uses cryptos “to evade harsh sanctions and support its ambitions to project geopolitical power through nuclear weapons and ballistic missiles.”

Since 2023, Microsoft has identified three major North Korean threat groups Jade Sleet, Sapphire Sleet, and Citrine Sleet. These players have been particularly active in targeting cryptocurrency organisations, it added.

Additionally, Moonstone Sleet, a new North Korean threat actor, developed a custom ransomware variant called FakePenny. The notorious group deployed the ransomware at defence and aerospace organisations after exfiltrating data from the impacted networks.

Microsoft analysts noted that the emergence of threat actor groups suggests an increasing use of cybercriminal tools to boost the North Korean regime’s financial resources.

Microsoft Report Identifies Iranian, Russian Threat Actors

In addition to North Korean threat groups, the Microsoft report also identified Iranian nation-state threat actors seeking financial gains from scandalous cyber operations.

“This marks a change from previous behaviour, whereby ransomware attacks that were designed to appear financially motivated were actually destructive attacks,” the report read.

Iran placed significant focus on Israel, especially after the outbreak of the Israel-Hamas war. Iranian actors have continued to target the US and Gulf countries, including the UAE and Bahrain, the report added.

Additionally, Russian threat actor groups have integrated more commodity malware in their operations, outsourcing cyber espionage operations to criminal groups.

More Articles

Blockchain News
Siberian Power Firm Aims to Prosecute 400 ‘Illegal’ Crypto Miners
Tim Alper
Tim Alper
2025-01-20 03:00:00
Blockchain News
Court Jails Crypto Exchange Operator Who Took BTC to Spy for North Korea
Tim Alper
Tim Alper
2025-01-19 23:30:00
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors