Pierluigi Paganini March 03, 2020

The Department of Justice has charged the two Chinese nationals for laundering cryptocurrency for North Korea-linked APT groups.

The US Treasury Department and the Department of Justice have imposed sanctions and charged two Chinese nationals, Tian Yinyin ( 田寅寅) and Li Jiadong (李家东), for helping North Korea-linked hackers in laundering cryptocurrency.

The cryptocurrency have been stolen by the APT groups from two cryptocurrency exchanges.

Yinyin and Li Jiadong helped the popular North Korea-linked Lazarus APT group in launder the stolen funds.

“Two Chinese nationals were charged with laundering over $100 million worth of cryptocurrency from a hack of a cryptocurrency exchange.  The funds were stolen by North Korean actors in 2018, as detailed in the civil forfeiture complaint also unsealed today.” reads the press release published by the DoJ.

“In the two-count indictment unsealed today in the District of Columbia, 田寅寅 aka Tian Yinyin, and 李家东aka Li Jiadong, were charged with money laundering conspiracy and operating an unlicensed money transmitting business.”

The activity of the Lazarus APT group (aka HIDDEN COBRA) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. This threat actor has been active since at least 2009, possibly as early as 2007, and it was involved in both cyber espionage campaigns and sabotage activities aimed to destroy data and disrupt systems.

The group is considered responsible for the massive WannaCry ransomware attack, a string of SWIFTattacks in 2016, and the Sony Pictures hack.

Kaspersky researchers have analyzed the attacks carried out by North Korea-linked Lazarus APT group in the past 18 months and confirmed their interest in banks and cryptocurrency exchanges.

In the mid-2018, the APT targeted cryptocurrency exchanges and cryptocurrency companies, experts from Kaspersky Lab tracked a campaign dubbed Operation AppleJeus aimed at spreading a tainted cryptocurrency trading application. After releasing Operation AppleJeus, the Lazarus group carried out other attacks against cryptocurrency businesses using similar tactics. The researchers spotted more macOS malware similar to the one that was involved in Operation AppleJeus. In the mid-2018, the APT targeted cryptocurrency exchanges and cryptocurrency companies, experts from Kaspersky Lab tracked a campaign dubbed Operation AppleJeus aimed at spreading a tainted cryptocurrency trading application.

According to US Treasury and DoJ, North Korea-linked hackers focus on cryptocurrency exchange to raise funds and bypass international sanctions. US officials pointed out that the operations carried out by the state-sponsored hackers pose a grave threat to the security and integrity of the global financial system

Money stolen in cyber heists was obtained from North Korea with the help of cryptocurrency scheme and the involvement of Chinese banks and a network of money mules.

Tian and Li had a crucial role in this scheme, they are accused of laundering cryptocurrency received by North-Korea and of converting it into Chinese fiat currency (yuan) or into Apple gift cards that could be used to cash out the money.

According to the Treasury and DOJ, Tian and Li received funds from North Korea-controlled accounts in at least two cases.

The defendants received $91 million from North Korea-controlled accounts that can be traced back to the 2018 cryptocurrency exchange hack and additional $9.5 million from another exchange.

“The pleadings further allege that between December 2017 and April 2019, Yinyin and Jiadong laundered over $100 million worth of virtual currency, which primarily came from virtual currency exchange hacks.” continues the press release. “The defendants operated through independent as well as linked accounts and provided virtual currency transmission services for a fee for customers.  The defendants conducted business in the United States but at no time registered with the Financial Crimes Enforcement Network (FinCEN). “

According to prosecutors, the Chinese duo helped convert more than $34 million of the $91 million they received back into Chinese yuan, then they deposited the money into a Chinese bank account.

US officials said that the two men also converted $1.4 million worth of Bitcoin into Apple gift cards, they did not disclose the names of the hacked exchange.

“As a result of today’s action, all property and interests in property of these individuals that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC. OFAC’s regulations generally prohibit all dealings by U.S. persons or within the United States (including transactions transiting the United States) that involve any property or interests in property of blocked or designated persons.” reads the press release published by the US Treasury.

No restriction has been applied to the Chinese banks

Pierluigi Paganini

(SecurityAffairs – North Korea, cryptocurrency)

[adrotate banner=”5″]

[adrotate banner=”13″]