Researcher warns of North Korea’s changing crypto tactics
Paradigm security researcher Samczsun warns that North Korea’s cyber operations extend far beyond the well-known Lazarus Group.
The warning comes as the crypto industry emerges from the recent Bybit hack, which reportedly involved a sophisticated compromise of the Safe{Wallet} infrastructure.
This attack marked a departure from previous North Korean hacking incidents. Instead of targeting Bybit directly, the hackers managed to compromise Safe{Wallet}.
This change in tactics highlights the growing sophistication of their strategies and raises important concerns about the security of the wider cryptocurrency ecosystem.
According to Samczsun, cybercrime backed by North Korea is not the work of a single group, but rather of a network of state-sponsored threat actors operating under different names.
North Korea’s cyber-warfare structure
Samczsun has analyzed North Korea’s cyber threats for years. He explains that referring to all North Korean cyber activity as the “Lazarus Group” oversimplifies a much more complex network.
North Korea’s hacking operations are mainly managed by the Reconnaissance General Bureau, an intelligence agency that oversees several hacking units. These include not only the Lazarus Group, but also APT38, AppleJeus and other specialized teams.
Each of these groups has a different focus. Lazarus Group, for example, is known for its high-profile cyberattacks, including the 2014 Sony Pictures hack and the 2016 Bangladesh Bank heist. APT38 specializes in financial crimes, including bank fraud and cryptocurrency theft.
“APT38,” wrote Samczsun, “which left Lazarus Group around 2016 in order to focus on financial crimes, first targeting banks (like the Bangladesh Bank), then cryptocurrency later.”
AppleJeus has targeted cryptocurrency users with malware disguised as trading applications.
These groups work under the same government umbrella, helping to fund North Korea’s weapons programs and evade international sanctions.
Crypto is now a target for North Korea
North Korea has turned to cryptocurrency as a major source of income. Unlike traditional finance, crypto transactions are decentralized and often more difficult to trace or freeze.
North Korean hackers exploit this by breaching exchanges, deploying malware and using fake job offers to gain access to internal systems.
One example is the case of “Wagemole” agents – North Korean IT workers who infiltrate legitimate technology companies. These people appear to be regular employees but sometimes use their access to steal funds or compromise systems.
This tactic was seen in the Munchables exploit, where an employee with links to North Korea drained the protocol’s assets.
Another method is supply chain attacks, where hackers compromise software suppliers that serve cryptocurrency companies. In one case, AppleJeus hackers inserted malware into a widely used communication tool, affecting millions of users.
In another, North Korean attackers compromised a contractor working with Radiant Capital, gaining access through social engineering on Telegram, according to Samczsun.
What it means for crypto
Samczsun warned that North Korea’s cyber operations are evolving. The Bybit attack shows that hackers are now targeting infrastructure providers, not just exchanges.
This means that the entire crypto ecosystem – from wallets to smart contract platforms – could be at risk.
For crypto users and companies, the key takeaway is that North Korean cyber threats go beyond the Lazarus Group and simple exchange hacks. The industry needs stronger security protocols, improved information sharing and greater awareness of social engineering threats.