United Nations Security Council References SlowMist’s Expert Analysis in Recent Report

SlowMist
6 min readApr 16, 2024

--

On March 7, 2024, the United Nations Security Council’s Sanctions Committee released a report detailing North Korea’s activities throughout 2023. Spanning 615 pages, the report cites the analytical findings from the SlowMist AML (Anti-Money Laundering) team regarding incidents such as the Harmony Bridge, Atomic Wallet, Alphapo, CoinsPaid, and Poloniex attacks.

(https://www.un.org/securitycouncil/en/sanctions/1718/panel_experts/reports)

This report covers information from July 29, 2023, to January 26, 2024, highlighting several key issues:

1. North Korea, officially known as the Democratic People’s Republic of Korea (DPRK), continues to engage in activities that violate Security Council resolutions, including the development of nuclear weapons and the production of nuclear fissile material. North Korea has conducted multiple tests of nuclear delivery systems using ballistic missile technology and has launched cruise missiles.

2. The DPRK and its associates have employed various deceptive and evasive tactics to circumvent maritime sanctions. These include tampering with ships’ location data, manipulating identification systems, altering the appearance of ships, and engaging in illegal identity exchanges. There are signs of increased trade volumes and imports of luxury goods, such as new motor vehicles and luxury brand products. Despite facing severe international sanctions, North Korea’s violations continue unabated.

3. The Panel continues to investigate entities and individuals involved in banned exports, including companies suspected of selling North Korean-made equipment, such as Global Communications; companies allegedly connected to networks that facilitate arms trades between the DPRK and the Russian Federation, such as Versor S.R.O.; and several cases of weapon trades involving North Korea and other countries. North Korea’s Reconnaissance General Bureau and its affiliated cyber threat actors (Kimsuky, Lazarus Group, Andariel, and BlueNoroff) persist in conducting cyber attacks primarily aimed at stealing valuable information and generating illegal revenue.

4. Through its overseas banking representatives, North Korea has violated Security Council resolutions by using the international financial system for illicit financial activities. The country continues to target the cryptocurrency industry to circumvent UN sanctions and generate income, with malicious cyber activities providing approximately half of its foreign earnings.

5. The report concludes that although North Korea has received some humanitarian aid, it has not made decisive changes regarding its military and nuclear agenda. With financial support from within the country, North Korea’s nuclear and missile capabilities continue to expand.

The report also touches on several aspects related to cryptocurrencies. According to one member state, about 50% of North Korea’s foreign exchange income from malicious cyber activities is used to fund its weapons programs. Another member state reported that 40% of North Korea’s weapons of mass destruction program is financed through illegal online activities. Between 2017 and 2023, North Korea is suspected of launching 58 cyber attacks on cryptocurrency-related companies, with estimated losses of about $3 billion. These funds are believed to be used to advance the country’s development of weapons of mass destruction.

Agents in the Democratic People’s Republic of Korea have reportedly used the following patterns to steal funds from companies related to the cryptocurrency industry:

Hacking groups Lazarus Group and BlueNoroff are launching phishing campaigns on multiple platforms targeting cryptocurrency industry employees, including blockchain engineers and other developers, with the goal of breaking into company networks for subsequent attacks. Additionally, North Korean actors are deploying sophisticated attack stages, using various defense evasion techniques, and uploading and hosting malware on different platforms. The Lazarus Group also collaborated with a South Korean company to distribute ransomware and received approximately $2.6 million in ransom payments from more than 700 victims. Overall, hacker groups affiliated with North Korea’s Reconnaissance General Bureau continue to launch a large number of cyberattacks, with trends including targeting defense companies and supply chains and increasingly involving shared infrastructure and tools.

On page 539 of the report, it included data from the 2023 Blockchain Security and Anti-Money Laundering Annual Report produced by SlowMist, including analysis of the hacker organization Lazarus Group. Supported by the robust intelligence from the InMist Intelligence Network partners, the SlowMist AML team conducted in-depth tracking and analysis of multiple theft incidents related to the Lazarus Group, such as those involving Atomic Wallet and Alphapo, and analyzed subsequent illegal fund transfers related to the CoinsPaid hot wallet unauthorized withdrawals incident.

Additionally, on page 553, the report cites the SlowMist AML team’s analysis of the hacking incident at the Poloniex exchange on November 10, 2023, which resulted in losses of approximately $130 million. The rapid and professional manner of the attack led our AML team to suspect it was a typical APT (Advanced Persistent Threat) attack, likely carried out by the North Korean hacker organization Lazarus Group. Following the incident, our team promptly intervened to analyze and quantify the total losses, involved tokens, hacker addresses, and shared their findings in a timely manner.

We have been deeply involved in the cryptocurrency anti-money laundering field for many years, developing a comprehensive and effective suite of solutions that includes compliance, investigation, and auditing, actively contributing to the construction of a healthy cryptocurrency ecosystem. We also provide professional services to the Web3 industry, financial institutions, regulatory bodies, and compliance departments.

MistTrack, a prominent platform in analyzing blockchain attack events, offers wallet address analysis, fund monitoring, and traceability for compliance investigations. It has amassed over 300 million address tags, more than 1,000 address entities, over 500,000 threat intelligence data points, and 90 million+ risk addresses. These resources play a crucial role in ensuring the security of digital assets and combating money laundering activities.

Finally, if you were the victim of an exploit, scam, or phishing attack, we offer a free community assistance service for case assessment. Simply submit a form and the hacker addresses will also be synchronized with the InMist Threat Intelligence Cooperative Network for risk control.

Chinese: https://aml.slowmist.com/cn/recovery-funds.html
English: https://aml.slowmist.com/recovery-funds.html

About SlowMist

At SlowMist, we pride ourselves on being a frontrunner in blockchain security, dedicating years to mastering threat intelligence. Our expertise is grounded in providing comprehensive security audits and advanced anti-money laundering tracking to a diverse clientele. We’ve established a robust network for threat intelligence collaboration, positioning ourselves as a key player in the global blockchain security landscape. We offer tailor-made security solutions that span from identifying threats to implementing effective defense mechanisms. This holistic approach has garnered the trust of numerous leading and recognized projects worldwide, including names like Huobi, OKX, Binance, imToken, Crypto.com, Amber Group, Klaytn, EOS, 1inch, PancakeSwap, TUSD, Alpaca Finance, MultiChain, and Cheers UP. Our mission is to ensure the blockchain ecosystem is not only innovative but also secure and reliable.

We offers a variety of services that include but are not limited to security audits, threat intelligence, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-money laundering) solutions, Vulpush (Vulnerability monitoring) , SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) , Safe Staking and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, FireEye, RC², TianJi Partners, IPIP, etc.

By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we wish to help spread awareness and raise the security standards in the blockchain ecosystem.

💬Website 🐦Twitter ⌨️GitHub

--

--

SlowMist
SlowMist

Written by SlowMist

SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.