North Korea using hackers to raise revenue via crypto heists

cryptoslate發佈於 2022-03-26更新於 2022-03-26

文章摘要

North Korea has been employing hackers to finance some state operations via “crypto heists”, according to a report by cybersecurity firm Mandiant.

North Korea has been employing hackers to finance some state operations via “crypto heists”, according to a report by cybersecurity firm Mandiant.

“The country’s espionage operations are believed to be reflective of the regime’s immediate concerns and priorities, which is likely currently focused on acquiring financial resources through crypto heists, targeting of media, news, and political entities, information on foreign relations and nuclear information, and a slight decline in the once spiked stealing of COVID-19 vaccine research.”

The report details the country’s cyber operations and how they are structured within the Reconnaissance General Bureau, or RGB — North Korea’s intelligence agency akin to the CIA or MI-6. It also sheds light on the infamous hacker group “Lazarus” which has been operating out of North Korea since 2009.

According to the report, Lazarus is not a single group of hackers, rather an umbrella term reporters use to refer to numerous different state-backed hacker groups operating out of The Democratic Republic of North Korea. However, these different groups operate in different “sectors” and have unique responsibilities. One of the responsibilities is raising funds through the theft of cryptocurrencies.

Assessed Structure of DPRK CYBER PROGRAMS - Mandiant

Assessed cyber structure of DPRK cyber programs

Latest cyber espionage activity

Hacker groups linked to Lazarus have recently been active and were exploiting a google Chrome vulnerability from early January 2022 until mid-February, when the exploit was patched out.

Google’s Threat Analysis Group, or TAG, said in a blog post on March 24th that North Korean state-backed attacker groups — tracked publicly as “Operation Dream Job” and “Operation AppleJeus” — had been exploiting a “remote code execution vulnerability in Chrome” since early January 2022 to conduct various hacks and phishing attacks. TAG’s Adam Weidemann said in the blogpost:

“We observed the campaigns targeting U.S.-based organizations spanning news media, IT, cryptocurrency, and fintech industries. However, other organizations and countries may have been targeted.”

The exploit allowed the hackers to send bogus job offers to people working in the aforementioned industries, which would then lead to spoofed versions of popular job-hunting websites like Indeed.com. The exploit kit and phishing are similar to those tracked in Operation Dream Job. Meanwhile, another hacker group has been targeting crypto firms and exchanges using the same exploit kit.

Google said that roughly 340 people had been targeted by hacker groups. It added that all identified websites and domains were added to its Safe Browsing service to protect users and it is continuing to monitor the situation.

Lazarus targeting financial services, crypto

Lazarus-linked hacker groups have been involved in various hacks on crypto firms and traditional banks for several years now. Some notable hacks include the 2016 Bangladesh Bank cyber heist and various crypto-related attacks in 2017.

The main hacker group focused on financial services attacks is APT38, which was behind the notorious SWIFT hack. It includes a subgroup called CryptoCore or “Open Password.”

Most of these hacks have been successful and it is estimated that hackers have raised over $400 million for North Korea. An investigation by the UN concluded that proceeds from these cyber heists have been used to fund the hermit country’s ballistic missile program.

你可能也喜歡

华尔街新操作:日元空头仍在加码,但日股靠的不是Carry Trade平仓

2026年6月初,美元兑日元汇率重返160关口附近,日经225指数则突破68000点创历史新高。市场出现对“套利交易(carry trade)崩盘”的担忧,但数据揭示了更复杂的情况。 首先,投机资金并未撤离日元空头,反而在加码。CFTC持仓数据显示,截至5月26日当周,日元期货净空头头寸增至约11.5万张合约,接近历史高位。这意味着若日本央行转向鹰派或美国经济走弱,可能引发类似2024年8月的被动平仓风险。 其次,日本财务省在4月底至5月底实施了规模创纪录的外汇干预(约11.7万亿日元),但仍未能阻止日元汇率跌破160。这显示单边干预效果有限。 关键点在于,推动日股上涨的动力并非来自套利交易平仓后的资金回流。外资正连续数周大幅净买入日股,2026年内累计净买入额已达去年同期的近16倍。资金集中流向AI与半导体相关股票(如软银、Socionext),是追逐全球AI产业趋势的主动投资行为,与2024年因套利交易瓦解引发的被动抛售有本质不同。 此外,日股在日本央行加息周期中依然走强,表明当前外资行情对利率敏感度较低。但若未来日本央行进一步加息(例如至1.0%)叠加美元转弱,可能导致套利交易成本骤升,届时股市与汇市的关系可能重新紧密联动。 综上,当前市场并存三个事实:日元空头仓位拥挤、干预未能守住关键汇率、日股受AI主题外资驱动创新高。它们并不矛盾,共同构成了市场的复杂图景。

marsbit3 分鐘前

华尔街新操作:日元空头仍在加码,但日股靠的不是Carry Trade平仓

marsbit3 分鐘前

博通 Q3 指引差预期 12 亿美元,盘后跌超 13%,AI 叙事「冷却」?

博通公布2026财年第二季度业绩,营收创纪录达221.9亿美元,同比增长48%,调整后每股收益2.44美元超预期。AI半导体收入108亿美元,同比增长143%。然而,公司对第三季度AI芯片收入指引为160亿美元,低于市场预期的172亿美元,差距约7%。同时,公司维持全年AI芯片收入超1000亿美元的指引不变,未作上调。 此指引导致博通盘后股价暴跌超13%。CEO陈福阳在电话会上指出,本季度AI网络业务占AI半导体收入比重近40%,但预计该比例将逐渐回落至30%左右。这一表态可能对A股光模块龙头公司的估值构成压力。 此外,博通的业绩指引引发外溢效应,Marvell等AI相关公司股价盘后跟跌。市场担忧AI整体叙事可能“降温”,但公司管理层仍强调AI芯片需求“难以满足”,长期景气度不变。此次股价波动被视为高估值下的获利了结,长期趋势仍需观察后续行业动向。

marsbit3 分鐘前

博通 Q3 指引差预期 12 亿美元,盘后跌超 13%,AI 叙事「冷却」?

marsbit3 分鐘前

狗狗币价格刚进入关键水平,但分析师表示现在还不是买入时机

狗狗币价格已重回月线图上的一个重要长期水平,在数月疲软走势后再次面临关键考验。分析师Trader Tardigrade指出,DOGE目前正处在一个关键的阻力区域,过去十年的两次触及此区域均以反弹失败告终。 图表显示,狗狗币长期交易于一个巨大的下降扩散通道内。该通道自2015年以来定义了其价格走势,上下两条红色趋势线随时间逐渐拓宽。此前在2017年和2020年,狗狗币曾反弹至该通道的上部阻力线,但随后均遭遇强烈拒绝并出现深度回调。目前(2026年),价格第三次回到这一上方结构,似乎将再次被拒绝。 值得注意的是,分析师使用的图表是倒置的:图表中价格越低,实际市场价格越高。因此,图中标注为关键阻力的红色下降线,在常规市场中实际代表一条看涨的支撑线。此前两次(对应2017年和2021年周期)从该倒置阻力线的拒绝,在倒置图表上呈现为大幅下跌,实则对应正常图表上的大幅上涨。 因此,当前价格行动应被视为重返支撑区域。狗狗币现报0.0937美元,正处于0.09至0.10美元的支撑区间内。若能突破0.10美元并进入0.15至0.18美元区间,将是情绪改善的首个迹象。而明确站上0.25美元,则能更清晰地确认价格正从支撑结构反弹。根据倒置图结构,在触及下一个主要趋势线之前,狗狗币甚至存在升至两位数价格目标的空间。

bitcoinist17 分鐘前

狗狗币价格刚进入关键水平,但分析师表示现在还不是买入时机

bitcoinist17 分鐘前

Ripple的RLUSD加入万事达卡稳定币结算扩展计划

万事达卡正在深化稳定币基础设施建设,宣布将瑞波的RLUSD纳入其结算扩展计划。此举将允许发卡机构和收单机构通过受监管的数字资产以及传统法币渠道来结算卡交易。 该支付巨头计划扩展其结算能力,包括提供日内、周末和假日结算选项,以及使用受监管的稳定币进行链上卡结算。此举旨在为万事达卡的合作伙伴在其全球支付网络中提供更灵活的交易结算方式和时间选择,尤其适用于跨境支付、资金库运营和支付分发。 对瑞波而言,关键进展在于RLUSD被列入万事达卡计划支持的稳定币名单。该名单还包括Circle的USDC、Paxos发行的PYUSD等、以及SoFi的SoFiUSD。这些资产将在包括Arbitrum、以太坊、Polygon、Solana和XRP账本在内的多个区块链网络上获得支持。 万事达卡表示,稳定币结算选项将与现有流程并存,而非取代。该公司将此扩展描述为一项“网络级增强”,旨在保持现有安全标准的同时,为合作伙伴增加基于数字资产的结算选择。初期支持预计来自ARQ、CBW银行等机构,重点聚焦美国和拉丁美洲市场,并计划在2026年前进一步扩展。 瑞波将RLUSD的纳入视为对其为机构支付流设计的受监管稳定币的认可。其他稳定币发行方和银行合作伙伴也强调了稳定币在流动性管理和突破传统结算时间限制方面的优势。

bitcoinist1 小時前

Ripple的RLUSD加入万事达卡稳定币结算扩展计划

bitcoinist1 小時前

李飞飞团队厘清“世界模型”概念,Sora只能算渲染器

斯坦福大学教授李飞飞团队联合发布概念分析文章《世界模型的功能分类法》,指出“世界模型”是AI领域最重要且被严重滥用的术语之一。文章将当前各类被称为“世界模型”的系统,依据其在部分可观马尔可夫决策过程中的功能,归约为三类:渲染器、模拟器和规划器。 渲染器(如OpenAI的Sora、各类文生视频模型)的核心是生成面向人类视觉的高保真像素画面,但缺乏物理精确性,无法用于需要真实物理计算的任务。模拟器(如NVIDIA Omniverse)的核心是生成精确的物理状态数据,用于数字孪生、工程分析等,但受限于高质量3D物理数据的稀缺。规划器(如各类机器人控制模型)则根据观测和目标输出具体动作指令。 文章指出,概念混乱源于各类系统只承载了“理解世界”完整认知循环中的一个环节,却被营销和叙事包装为完整模型。例如,Sora仅能沿视频数据固有序列“被动续写”,无法基于外部动作进行状态转移预测,因此本质上是渲染器,而非真正的世界模拟器。澄清概念有助于技术选型、投资判断和建立可比基准,避免因能力误解导致决策失误。未来的方向是三类功能的融合,但当前认清各自边界更为重要。

marsbit1 小時前

李飞飞团队厘清“世界模型”概念,Sora只能算渲染器

marsbit1 小時前

交易

現貨
合約
活动图片

熱門分類right-arrow

熱門標籤right-arrow