North Korea-linked Hackers Steal $2.02 Billion In 2025, Leading...

Threat actors with ties to the Democratic People's Republic of Korea (DPRK or North Korea) have been instrumental in driving a surge in global cryptocurrency theft in 2025, accounting for at least $2.02 billion out of more than $3.4 billion stolen from January through early December.

The figure represents a 51% increase year-over-year and $681 million more than 2024, when the threat actors stole $1.3 billion, according to Chainalysis' Crypto Crime Report shared with The Hacker News.

"This marks the most severe year on record for DPRK crypto theft in terms of value stolen, with DPRK attacks also accounting for a record 76% of all service compromises," the blockchain intelligence company said. "Overall, 2025's numbers bring the lower-bound cumulative estimate for cryptocurrency funds stolen by the DPRK to $6.75 billion."

The February compromise of cryptocurrency exchange Bybit alone is responsible for $1.5 billion of the $2.02 billion plundered by North Korea. The attack was attributed to a threat cluster known as TraderTraitor (aka Jade Sleet and Slow Pisces). An analysis published by Hudson Rock earlier this month linked a machine infected with Lumma Stealer to infrastructure associated with the Bybit hack based on the presence of the email address "trevorgreer9312@gmail[.]com."

The cryptocurrency thefts are part of a broader series of attacks conducted by the North Korea-backed hacking group called Lazarus Group over the past decade. The adversary is also believed to be involved in the theft of $36 million worth of cryptocurrency from South Korea's largest cryptocurrency exchange, Upbit, last month.

Lazarus Group is affiliated with Pyongyang's Reconnaissance General Bureau (RGB). It's estimated to have siphoned no less than $200 million from over 25 cryptocurrency heists between 2020 and 2023.

The Lazarus Group is one of the most prolific hacking groups and also has a track record of orchestrating a long-running campaign referred to as Operation Dream Job. In it, prospective employees in the defense, manufacturing, chemical, aerospace, and technology sectors are approached via LinkedIn or WhatsApp with lucrative job offers to trick them into downloading and running malware such as BURNBOOK, MISTPEN, and BADCALL, the last of which also comes in a Linux version.

The end goal of these efforts is two-pronged: to collect sensitive data and generate illicit revenue for the regime in violation of international sanctions imposed on the countr

Source: The Hacker News