The US Federal Bureau of Investigation (FBI) is conducting an ongoing investigation into the notorious North Korean cybercrime group Lazarus, formerly known as “God’s Apostles”. The group is alleged to have stolen over $800 million in virtual currency.
Over the past decade, the Lazarus group has targeted entertainment companies, banks, and pharmaceutical companies both in the US and worldwide. One heist, in particular, is referenced in the court documents, where approximately $41 million worth of virtual money was allegedly stolen from the online casino platform Stake.com and laundered through the virtual currency mixer Sinbad. Sinbad has since been sanctioned by the US Treasury Department’s Office of Foreign Assets Control for its involvement in laundering money from the Stake.com heist, among others executed by Lazarus.
The FBI also released a statement late last year accusing the Lazarus group of having amassed over $200 million of stolen virtual currency in 2023 alone.
The North Korean cybercriminals allegedly used a software service known as a virtual currency mixer (VCM) to launder the stolen money. VCMs are a common money laundering tool used by North Korean threat actors, as they enable the user to send digital currency while concealing its source.
Lazarus group funds N. Korea’s missile program
The overriding reason for the FBI’s relentless pursuit of the Lazarus group is a strong belief in Washington that Kim Jong Un’s politically isolated and cash-strapped North Korean communist party has been using the proceeds of cybercrime to fund its missile program.
Earlier this week, Kim Jong Un warned again that he could use nuclear weapons in potential conflicts with South Korea and the United States, making it imperative for the US and its allies to somehow stem the rogue state’s supply of stolen cryptocurrency. However, the cybercriminals responsible may never face prosecution in a US court, as they are able to operate remotely and with Kim Jong Un’s full support.
The Lazarus group has been operating for over a decade. It initially won notoriety in 2014 for an attack against Sony Pictures and again in 2016 for the theft of $81 million from Bangladesh Bank. What makes Lazarus unique is that, unlike other state actors (cybercriminal groups acting in the interest of their government), the group appears to be highly financially motivated. Allegedly having stolen over $1 billion in total, the group is believed to be responsible for some of the most ambitious international cybercrime campaigns.