• North Korean hackers are using cloud-based mining services to launder stolen crypto funds.
• Google-owned cybersecurity firm Mandiant has been tracking the Pyongyang-based hacking group APT43 since 2018.
• The group uses various payment methods to purchase infrastructure and hardware, including PayPal, American Express cards, and other services for future attacks.

North Korean Hackers Laundering Crypto Loot

A recent report by Google-owned cybersecurity firm Mandiant has exposed how North Korean hackers are using cloud computing to launder their crypto loot. Specifically, the hacking group known as APT43 is buying cloud mining services with its stolen funds in order to produce clean cryptocurrency that cannot be traced by law enforcement.

Group Diversifying Funds

Mandiant further noted that the group was diversifying its funds by purchasing operational infrastructure aligned with North Korea’s juche state ideology of self-reliance. Additionally, it is likely carrying out phishing attempts in order to fund its own operations in contrast to other North Korean groups such as APT38 which are primarily tasked with bringing in funds for the regime.

Cloud Mining Services

Cloud mining services enable users to mine cryptocurrencies such as Bitcoin without having to install or directly run the hardware and related software themselves. This allows miners to save money on setting up local mining rigs and also makes it much easier for them to mine digital assets with rented computing power from remote servers located anywhere around the world.

Credential Collection Campaigns

In addition, Mandiant reported that the group launched multiple credential collection campaigns last year targeting academics, journalists, politicians, bloggers, and other private individuals mainly in South Korea. These campaigns were used mainly used for gathering credentials that could be used for future phishing attempts.


North Korean hacking groups have become a major player in illicit cyber activities over recent years and are responsible for many major crypto thefts globally. By renting cloud computing power they can easily launder their stolen crypto loot while avoiding detection from law enforcement agencies worldwide.