Share this article
North Korea Hackers Likely Exploit Cloud Mining to Launder Stolen Crypto, Research Shows
The APT43 group steals crypto to fund operations and launders it through cloud mining services.
Updated Mar 29, 2023, 5:00 p.m. Published Mar 28, 2023, 3:00 p.m.
North Korean hacker group APT43 probably uses cloud mining services to launder stolen crypto, according to research by Google-owned cybersecurity firm Mandiant.
Cloud mining services own and operate infrastructure and rent out hashrate to users. Hashrate is a measure of the total amount of computer processing power to secure a cryptocurrency. APT43 uses stolen cryptocurrency to pay for these services and receives crypto not associated with the crime to wallets of its choice, according to the report released on Tuesday.
STORY CONTINUES BELOW
The group is "moderately sophisticated" and supports the strategic and nuclear objectives of the North Korean regime, according to Mandiant. It uses the proceeds from cybercrime to fund its operations, which target South Korean and U.S. government organizations, academics and think tanks focused on the geopolitics of the Korean peninsula, the report said.
To acquire the crypto, APT43 steals credentials, often by phishing attacks. That is, it creates legitimate-looking websites – for example, a site masquerading as a crypto exchange – and persuades unsuspecting users to reveal personal information.
North Korean hackers have been increasingly including crypto in their operations, often in high-profile digital heists like the $100 million Horizon Bridge theft, according to the FBI. Authorities around the world, particularly in the U.S. and South Korea, are trying to combat the threat.
Mandiant was acquired by Google and integrated into its cloud service in September 2022.
Read more: FBI: North Korean Hackers Behind $100M Horizon Bridge Theft
More For You
What to know:
- As of October 2025, GoPlus has generated $4.7M in total revenue across its product lines. The GoPlus App is the primary revenue driver, contributing $2.5M (approx. 53%), followed by the SafeToken Protocol at $1.7M.
- GoPlus Intelligence's Token Security API averaged 717 million monthly calls year-to-date in 2025 , with a peak of nearly 1 billion calls in February 2025. Total blockchain-level requests, including transaction simulations, averaged an additional 350 million per month.
- Since its January 2025 launch , the $GPS token has registered over $5B in total spot volume and $10B in derivatives volume in 2025. Monthly spot volume peaked in March 2025 at over $1.1B , while derivatives volume peaked the same month at over $4B.
More For You
The Protocol: Stripe’s Tempo Testnet Goes Live
Also: ZKSync Lite to Sunset, Blockstream App Update, Axelar’s AgentFlux
What to know:
This article is featured in the latest issue of The Protocol, our weekly newsletter exploring the tech behind crypto, one block at a time. Sign up here to get it in your inbox every Wednesday.
Top Stories
