
Mandiant, a cybersecurity firm recently acquired by Google, published a study describing some of North Korea's cyber operations, including how the regime is deploying hackers to steal cryptocurrency assets.
"The country's espionage operations are thought to reflect the regime's immediate concerns and priorities, which are likely currently focused on obtaining financial resources through crypto heists, targeting of media, news, and political entities, information on foreign relations and nuclear information, and a slight decline in the once spiked stealing of COVID-19 vaccine research," according to the report.
The paper goes into depth on North Korea's cyber activities and how they are organised under the Reconnaissance General Bureau, or RGB, which is similar to the CIA or MI-6. It also gives insight into the famed North Korean hacking organisation "Lazarus," which has been active since 2009.
According to the study, Lazarus is not a single hacking gang, but rather an umbrella term used by reporters to refer to a variety of state-backed hacker groups working out of North Korea. These organisations operate in separate "sectors" and have distinct tasks. One of those tasks is to raise revenue by stealing cryptocurrency.
Cyber espionage activities in the news at the moment
From early January 2022 through mid-February 2022, hacker groups linked to Lazarus were actively exploiting a Google Chrome vulnerability.
In a blog post published on March 24th, Google's Threat Analysis Group (TAG) said that North Korean state-backed attacker groups — codenamed "Operation Dream Job" and "Operation AppleJeus" — had been exploiting a "remote code execution vulnerability in Chrome" since early January 2022 to carry out various hacks and phishing attacks. In the post, TAG's Adam Weidemann wrote: