North Korea-linked hackers transferred $150,000 in cryptocurrency to a Cambodian payment company over an eight-month period to facilitate money laundering, Reuters reported on Tuesday.
The hacking group known as Lazarus transferred cryptocurrency worth $150,000 (approximately 208 million won) to the Cambodian payment platform Huione Pay from an anonymous digital wallet. According to Reuters, Lazarus used the firm to launder the funds over an eight-month period, from June 2023 to February 2024.
Two blockchain analysts who spoke with Reuters stated that the transferred cryptocurrency was stolen by Lazarus from three cryptocurrency companies in June and July of the previous year. The hacking group primarily used phishing attacks to obtain the funds.
On August 22, 2023, the Federal Bureau of Investigation (FBI) confirmed that the Lazarus group stole cryptocurrency from three crypto companies and attempted to cash it out. The FBI reported that the hacking group had stolen a total of $197 million (272.8 billion won) in virtual currency from three firms—Alphapo, CoinsPaid, and Atomic Wallet—in June 2023.
The United Nations Office on Drugs and Crime issued a report on January 15, stating that hackers, including Lazarus, exploit the same key crime areas in unregulated crypto exchanges across Southeast Asia, including Cambodia, Myanmar, Thailand, and Laos.
Huione Pay stated that they were unaware their company had indirectly received stolen funds from Lazarus. They also clarified that the company does not control the digital wallet used to send the cryptocurrency.
However, research published by the British blockchain analytics company Elliptic on July 10 revealed that Huione Guarantee, which includes Huione Pay, is an online marketplace frequently used by South Asian scammers. The report indicated that Huione provides money laundering services, converting funds from victims worldwide into cash, cryptocurrencies, and other assets.
One of Huione Pay’s directors is a cousin of the current Cambodian prime minister, who has faced accusations of drug trafficking and money laundering in the past.
Meanwhile, the National Bank of Cambodia has banned the use of cryptocurrency and digital funds for payments.
Related article: North Korean hackers target LinkedIn users with fake Chinese profile
A North Korean hacking group allegedly disguised itself as a Chinese investor on a social media platform, employing this guise to lure victims into engaging with phishing attacks.
According to the blockchain security firm SlowMist, the Lazarus group allegedly crafted a fraudulent account on LinkedIn named “Nevil Bolson.” Purporting to be an investor and entrepreneur, the user represented himself as a founding partner at the Chinese venture capital firm “Fenbushi Capital.” The imposter replicated the legitimate profile of a Fenbushi Capital partner, making minor alterations to the description section and even using an identical profile photo to enhance its appearance of legitimacy.
SlowMist’s Chief Information Security Officer emphasized that LinkedIn served as a crucial tool for the North Korean hacking group to orchestrate phishing attacks against their targets. In an email statement dated April 30, the CISO highlighted that the hackers leveraged the bogus profile to discreetly engage their victims in conversation, often by discussing investment opportunities. Once they captured the users’ interest, the hackers arranged online meetings where unsuspecting targets were duped into downloading malicious code.