The Lazarus Group’s Latest Moves
The Lazarus Group, a notorious cybercriminal organization reportedly backed by North Korea, is now using Garantex, an exchange subject to sanctions by the U.S. Office of Foreign Assets Control (OFAC), to launder stolen assets. The stolen assets are being converted into Bitcoin (BTC), despite strong efforts from various stakeholders to freeze these illicit funds.
Focus on Garantex Amid Frozen Atomic Wallet Funds
Earlier this month, Lazarus Group turned its sights onto Garantex, following a significant and successful effort from blockchain analytics firm Elliptic, partnered exchanges, and the broader community to freeze the stolen funds held in Atomic Wallet.
Sinbad.io Mixer Employed for Money Laundering
The Lazarus Group had been regularly employing the Sinbad.io mixer service to launder stolen assets. It’s noteworthy that even after turning to Garantex, the stolen funds continue to be mixed via Sinbad.io. This mixing service has a somewhat notorious reputation; its previous version, Blender.io, was blacklisted by the Treasury Department in May 2022 due to North Korea’s use of the site for its malicious cyber activities and for laundering stolen virtual currency.
Substantial Asset Theft from Atomic Wallet
On June 3, a significant sum estimated at up to $35 million in digital assets was stolen from user accounts on the cryptocurrency wallet service, Atomic Wallet. In response to this security breach, Atomic Wallet hired Chainalysis, a blockchain security and analysis firm, five days after the incident.
Links to Previous High-Profile Attacks
Lazarus Group is no stranger to large-scale, high-profile cyber attacks. Within the last year, the Harmony Bridge attack and the Ronin Bridge hack both have been attributed to this infamous North Korean cyber group. With their latest move to use Garantex, it’s clear that the Lazarus Group continues to adapt and evolve its strategies, undermining ongoing efforts by the global cybersecurity community to safeguard cryptocurrency assets.