How A North Korean Hacker Group Stole Over $1B In Crypto Last Year
Many threat actors develop one or two highly effective attack chains and then deploy them with slight variations until mitigations render them ineffective. By contrast, in 2022 TA444 deviated from its standard playbook and threw a wide variety of attack chains at its targets to see what stuck. Beyond its usual opening move of distributing malicious .LNK shortcut files or documents that fetch malicious remote templates, the APT group joined the wave of threat actors abusing document macros. TA444 also tried delivering malware in a variety of file formats, including MSI installers, Virtual Hard Disk (VHD) images, ISO images, and Microsoft Compiled HTML Help (CHM) files.

Nonetheless, as chaotic and out of character as TA444's activity was in 2022, the scattershot approach appears to have paid off for the APT group. In 2022, a single cyberattack was enough for TA444 to steal $500 million in cryptocurrency and eclipse its entire 2021 haul of $400 million. By the end of the year, the state-affiliated threat group had stolen more than $1 billion in cryptocurrency. While North Korea remains largely physically isolated from the rest of the world, the regime can still operate and secure funding on the world stage through hostile cyber activity.