{"id":2545782,"date":"2023-06-11T12:30:11","date_gmt":"2023-06-11T16:30:11","guid":{"rendered":"https:\/\/platoai.gbaglobal.org\/platowire\/how-north-korean-hackers-utilized-shadow-it-workers-to-conduct-cryptocurrency-thefts\/"},"modified":"2023-06-11T12:30:11","modified_gmt":"2023-06-11T16:30:11","slug":"how-north-korean-hackers-utilized-shadow-it-workers-to-conduct-cryptocurrency-thefts","status":"publish","type":"platowire","link":"https:\/\/platoai.gbaglobal.org\/platowire\/how-north-korean-hackers-utilized-shadow-it-workers-to-conduct-cryptocurrency-thefts\/","title":{"rendered":"How North Korean Hackers Utilized Shadow IT Workers to Conduct Cryptocurrency Thefts"},"content":{"rendered":"

In recent years, North Korean hackers have been making headlines for their involvement in various cyberattacks, including the theft of cryptocurrencies. What is particularly interesting about these attacks is the way in which the hackers have utilized shadow IT workers to carry out their operations.

Shadow IT refers to the use of technology or software that is not approved or supported by an organization’s IT department. North Korean hackers have been known to recruit individuals who have access to cryptocurrency exchanges or other financial institutions, but who are not necessarily employed by these organizations.

These shadow IT workers are often lured in with promises of high-paying jobs or other incentives, and are then tasked with carrying out specific actions on behalf of the hackers. This can include stealing login credentials, installing malware on company systems, or even physically accessing servers to steal data.

One of the most high-profile examples of this type of operation was the 2018 theft of $530 million worth of cryptocurrency from the Japanese exchange Coincheck. According to reports, North Korean hackers recruited a group of individuals in Europe and Asia to carry out the attack, using a combination of phishing emails and malware to gain access to the exchange’s systems.

Another example is the 2019 theft of $2 billion worth of cryptocurrency from various exchanges around the world. In this case, North Korean hackers reportedly used a group of Chinese nationals to carry out the attacks, again using phishing emails and other tactics to gain access to the targeted systems.

The use of shadow IT workers allows North Korean hackers to distance themselves from the actual attacks, making it more difficult for law enforcement agencies to track them down. It also allows them to tap into a wider pool of resources and expertise, as they can recruit individuals with specific skills or knowledge that they may not possess themselves.

However, this tactic also carries risks for the hackers. Shadow IT workers may not be as loyal or trustworthy as regular employees, and there is always the risk that they will be caught or turn on their employers. In addition, relying on these individuals can make it more difficult for the hackers to maintain operational security, as the hackers may not have the same level of control over the workers’ actions as they would with regular employees.

Overall, the use of shadow IT workers by North Korean hackers is a concerning trend that highlights the evolving nature of cybercrime. As organizations become more aware of the risks posed by these types of attacks, it is important that they take steps to protect themselves and their customers from these threats. This includes implementing strong security measures, educating employees about the risks of phishing and other tactics, and working with law enforcement agencies to track down and prosecute those responsible for these crimes.