The Twitter attackers have been laundering the stolen funds via gambling websites and peer-to-peer marketplaces, leaving a trail that links them to one of North Korea’s hacker groups.
According to a report by the cryptocurrency forensics firm CipherTrace, the thieves have been transferring the funds to multiple addresses in order to launder and cash them out. Along with gambling services and P2P marketplaces, the hackers also turned to mixing services and cryptocurrency exchanges.
On July 16, 2.89 BTC, about 22.5% of the stolen cryptocurrency, was sent to the Wasabi mixing wallet. On July 17, 0.1022 BTC was sent to ChipMixer. Mixing services are commonly used to obscure the origin of funds through techniques such as splitting and merging transactions.
Later, around 1.08945 BTC was sent through the wallet address 1Bn9LVWBW9xhKH1dFA9uWMM46RTc5Qror5 to a Singapore-based exchange; however, CipherTrace was unable to identify the owner of the address.
Such a money-laundering scheme is said to be typical of North Korean hacker groups. They commonly use peel chains, in which a small amount is split off to a cash-out channel at each hop while the remainder moves on to a fresh address, to forward stolen funds to various channels. In the Twitter case, CipherTrace established that there was an array of such channels.
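As an added illustration, not CipherTrace's tooling or code from this article, the following Python follows a peel chain through a constructed transaction graph and attributes each peeled amount to a labelled cash-out channel. The address names, the service labels and the 12.86 BTC total are assumptions, and the rule that the largest output of each hop is the change continuing the chain is a deliberate simplification of how forensic tools work.

```python
from collections import defaultdict

# Constructed sample graph, not CipherTrace's data: each key is an address that
# spends its funds in one transaction, each value lists that transaction's
# outputs as (address, BTC). The first three peels reuse the figures quoted in
# the article; the remaining amounts and all address names are made up.
STOLEN_BTC = 12.86  # assumed total, chosen so that 2.89 BTC is about 22.5%
TXS = {
    "theft_addr": [("peel1", 12.86)],
    "peel1": [("wasabi_wallet", 2.89), ("peel2", 9.97)],
    "peel2": [("chipmixer_addr", 0.1022), ("peel3", 9.8678)],
    "peel3": [("sg_exchange_deposit", 1.08945), ("peel4", 8.77835)],
    "peel4": [("gambling_deposit", 0.5), ("peel5", 8.27835)],
}
# Hypothetical attribution of known service deposit addresses.
LABELS = {
    "wasabi_wallet": "mixer", "chipmixer_addr": "mixer",
    "sg_exchange_deposit": "exchange", "gambling_deposit": "gambling",
}


def follow_peel_chain(txs, start, labels):
    """Walk a peel chain from `start`. Simplifying assumption: the largest
    output of each hop is the change that continues the chain and every
    smaller output is a peel to a cash-out channel. Returns (peels, hops,
    tail): BTC per label, the chain addresses, and the unspent end of the
    trail as (address, BTC) or None if the remainder reached a service."""
    peels = defaultdict(float)
    hops, seen, current, tail = [start], {start}, start, None
    while current in txs:
        outputs = sorted(txs[current], key=lambda o: o[1], reverse=True)
        (change_addr, change_amt), *peeled = outputs
        for addr, amount in peeled:
            peels[labels.get(addr, "unlabelled")] += amount
        if change_addr in labels or change_addr in seen:
            # Remainder deposited at a known service (or the graph loops).
            peels[labels.get(change_addr, "unlabelled")] += change_amt
            tail = None
            break
        seen.add(change_addr)
        hops.append(change_addr)
        tail, current = (change_addr, change_amt), change_addr
    return dict(peels), hops, tail


def share_of_loot(amount_btc, total_btc=STOLEN_BTC):
    """Percentage of the stolen funds that `amount_btc` represents."""
    return round(100 * amount_btc / total_btc, 1)
```

Running `follow_peel_chain(TXS, "theft_addr", LABELS)` on the sample attributes 2.9922 BTC to mixers, 1.08945 BTC to the exchange and 0.5 BTC to gambling, and leaves an unspent tail of 8.27835 BTC at `peel5`, which is where an investigator would keep watching.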
Lately, hackers from North Korea have posed a real threat to businesses and governments. Backed by the country’s leader Kim Jong-un, the groups receive significant support in exchange for bringing money to the regime to help it withstand tough US sanctions.
In fact, some cybersecurity specialists argue that North Korea has been building an entire army of hackers in an attempt to end US hegemony, and that its hacking capability is now the second strongest worldwide, ahead of Russia, Israel and even the USA. Its most famous gang is known as the Lazarus Group or Hidden Cobra, best known for the WannaCry and MATA malware.
Among other things, the group is said to be involved in numerous bank robberies as well as cryptocurrency exchange hacks, including the notorious attack on the Bithumb exchange that resulted in the loss of US$7 million. According to CoinIdol, a world blockchain news outlet, the Lazarus Group has even used the Telegram messenger to steal users’ funds. The fact that in April 2020 the US government announced a $5 million reward for anyone able to provide information on the group’s members and activity shows that Hidden Cobra is considered an actual and tangible threat.
Admittedly, it is very unlikely that such a large and well-known group was behind the Twitter hack, as it mostly deals with much bigger attacks. However, the Lazarus Group is far from the only hacker gang operating from North Korea with its government’s backing.
The Twitter hack may well have been performed by one of the smaller groups tasked with smaller-scale operations. Considering the money-laundering pattern used for the stolen cryptocurrency and the tense relationship between the US and North Korea, it is reasonable to assume that the hackers attacked the country’s social media giant for a reason. Perhaps it was just another jab at a rival country, or an attempt to raise funds for further hacker training. In any case, assumptions aside, it is difficult to actually prove anything.