Security news that informs and inspires

U.S. Gov Offers $5M Reward For North Korean Cybercrime Intel


The State Department is offering a reward of $5 million for information leading to the disruption of malicious cyber activities “that support North Korea,” a day after the U.S. government tied North Korean cybercrime groups Lazarus Group and APT38 to a hack resulting in the theft over $600 million in cryptocurrencies.

The department said it is looking for information that could help disrupt the “financial mechanisms” behind money laundering and “those who seek to undermine cybersecurity, including financial institutions and cryptocurrency exchanges around the world, for the benefit of the Government of North Korea.”

“The Department is also authorized to offer rewards of up to $5 million for information leading to the identification of any individual who, at the direction of or under control of the North Korean government, aids or abets a violation of the Computer Fraud and Abuse Act,” according to a statement on Friday.

The reward is part of the State Department’s Rewards for Justice program, a national security rewards program that has been leveraged for information on malicious activity against U.S. critical infrastructure and the DarkSide ransomware. In 2020, the program previously offered a $5 million reward for information about North-Korean sponsored hacking campaigns. This more recent offer, on Friday, comes after the Treasury Department this week linked North Korean hackers to a cryptocurrency heist in March of the Ronin Network, a blockchain network created by Sky Mavis that is leveraged by Axie Infinity, a blockchain game that lets users earn money while they play. In March, attackers used hacked private keys to forge fake withdrawals, ultimately resulting in the theft of $625 million in cryptocurrency - the largest known cryptocurrency hack ever. The Treasury Department on Thursday also sanctioned the address that received the stolen cryptocurrency.

“Through our investigation we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29,” said the FBI in a statement this week. “The FBI, in coordination with Treasury and other U.S. government partners, will continue to expose and combat the [Democratic People's Republic of Korea]’s use of illicit activities – including cybercrime and cryptocurrency theft – to generate revenue for the regime.”

Lazarus, which has been active since 2009, is an APT that is known for targeting an array of vertical markets,. Since 2017, the group has been focusing on the cryptocurrency vertical with the goal of financial gain, as seen in a targeted August attack against a cryptocurrency firm. Last year, researchers discovered the group using a JavaScript sniffer that they called BTC Changer, showing continual sophistication around the Lazarus group’s cryptocurrency money-laundering efforts.