Hacker News with Generative AI: North Korea

North Korea's Favorite Crypto Laundering Tool: THORChain (coindesk.com)
Researchers say North Korea used THORChain to launder $1.2 billion following the biggest-ever crypto heist.
DPRK IT Workers in Open Source and Freelance Platforms (ketman.org)
On February 9, 2025, we discovered a suspicious actor within the repository of a legitimate developer. Initially, we informed the developer about the potential malicious intent of one of his active committers. This led us into a two-month-long process of discovering additional North Korean actors, “PR Spammers” and experiencing the subpar vetting process present in one of the “Pay for PR” (freelance) platforms in Web3.
North Korea's vast operation to help Russia's war (reuters.com)
The Reuters investigation shows the extent of Russia’s reliance upon North Korean shells on the battlefield, which helped it pursue a war of attrition that Ukraine has struggled to match. At times over the past year, the vast majority of shells fired by some Russian units were from North Korea, Reuters found.
North Korea targets Irish tech sector with undercover workers (rte.ie)
Ireland's technology sector is being targeted by a North Korean government operation aimed at raising and extorting funds for its nuclear weapons programme, a senior threat intelligence analyst with Google has told Prime Time.
N. Korean smartphones add screenshot function with notable exceptions (dailynk.com)
North Korean smartphones have added a screenshot function, though it doesn’t work with certain content or applications related to the country’s leaders.
North Korea orchestrated the biggest cyber heist in history (elpais.com)
It all happened overnight and in a matter of minutes. Ben Zhou, CEO of the cryptocurrency exchange Bybit, made a series of routine transfers from his home computer. A short while later, his company called to inform him that his reserves of Ethereum, the second most-used cryptocurrency after Bitcoin, worth $1.5 billion, had vanished. By then, the ethers had already been transferred to thousands of other people’s digital wallets. Bybit had just suffered the largest theft in history.
North Korean IT workers have infiltrated the Fortune 500 (yahoo.com)
Fortune 500 companies have unwittingly hired thousands of software engineers who claim to be American developers but are actually North Korean citizens using stolen or fake identities.
North Korean IT workers have infiltrated the Fortune 500 (fortune.com)
Thousands of North Korean IT workers have infiltrated the Fortune 500—and they keep getting hired for more jobs
How 1000 Volvos Ended Up in North Korea (2017) (npr.org)
Twenty-eight years ago, U.S. journalist Urban Lehner was riding in the back seat of a speeding Volvo 144 sedan. He was on assignment for The Wall Street Journal in North Korea. The road out of Pyongyang was empty.
Record thefts boost North Korea to third-largest Bitcoin holder (thetimes.com)
The North Korea worker problem is bigger than you think (cyberscoop.com)
North Korean nationals have infiltrated businesses across the globe with a more expansive level of organization and deep-rooted access than previously thought, insider risk management firm DTEX told CyberScoop.
Donate USB Drives and SD Cards to Help US Smuggle Outside Info into North Korea (flashdrivesforfreedom.org)
Believe it or not, USBs are a significant form of sharing information in North Korea. Many citizens have devices with USB ports and SD card slots. So for many years, North Korean defectors have organized efforts to smuggle outside info into North Korea on USB drives to counter Kim Jong-un’s constant propaganda. But these groups were buying memory devices at cost with limited resources.
North Korea Launders Billions in Stolen Crypto (coindesk.com)
North Korea has stolen over $5 billion from the crypto sector since 2017.
Lazarus Group deceives developers with 6 new malicious NPM packages (cyberscoop.com)
Lazarus Group has burrowed deeper into the npm registry and planted six new malicious packages designed to deceive software developers and disrupt their workflows, researchers at cybersecurity firm Socket said in a Monday blog post.
Strava bans user for running in North Korea (dcrainmaker.com)
On the list of quirky things, I didn’t have “Strava bans user for running in North Korea” on my bingo card today. But here we are. I’ve just spent the last hour going down the rabbit hole that is the Pyongyang Marathon (in North Korea), and it turns out – it’s a thing. As in, a thing that outsiders come and run. There’s even an official website for it. In fact, there’s been 31 editions of it.
New North Korean Android Spyware Slips onto Google Play (bleepingcomputer.com)
A new Android spyware named 'KoSpy' is linked to North Korean threat actors who have infiltrated Google Play and third-party app store APKPure through at least five malicious apps.
North Korean Lazarus hackers infect hundreds via NPM packages (bleepingcomputer.com)
Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus.
First British tourists allowed back into North Korea tell BBC what they saw (bbc.co.uk)
Don't insult the leaders. Don't insult the ideology. And don't judge.
How North Korea pulled off a $1.5B crypto heist–the biggest in history (arstechnica.com)
The cryptocurrency industry and those responsible for securing it are still in shock following Friday’s heist, likely by North Korea, that drained $1.5 billion from Dubai-based exchange Bybit, making the theft by far the biggest ever in digital asset history.
North Korea steals $1.5B as it pulls off biggest ever heist (aol.com)
State-backed North Korean hackers have stolen $1.5bn (£1.2bn) of cryptocurrency in the largest heist in history.
North Korea pulled off a $1.5B crypto heist–the biggest in history (arstechnica.com)
The cryptocurrency industry and those responsible for securing it are still in shock following Friday’s heist, likely by North Korea, that drained $1.5 billion from Dubai-based exchange Bybit, making the theft by far the biggest ever in digital asset history.
$1.5B Bybit Hack – How the biggest hack in history happened (harrydonnelly.substack.com)
Yesterday, ~$1.4bn was stolen from Bybit. This is the largest hack in crypto history, completed by Lazarus Group, North Korea’s state sponsored cyber-crime unit.
Bybit sees over $4B 'bank run' after crypto's biggest hack (coindesk.com)
Major cryptocurrency exchange Bybit has seen total outflows of over $5.5 billion after it suffered a near $1.5 billion hack that saw hackers, believed to be from North Korea’s Lazarus Group, drain its ether cold wallet.
SEAL Advisory on DPRK Threat to Crypto Exchanges (securityalliance.org)
Less than 12 hours ago, DPRK operatives stole over US$1.5 billion in Ethereum from Bybit.
Rare Photos from Inside North Korea's 'Hotel of Doom' (2023) (9news.com.au)
The stranger than strange Ryugyong Hotel in Pyongyang, North Korea is one of the tallest unoccupied buildings in the world, and Englishman Simon Cockerell may be one of only two westerners to have ever been allowed inside.
Dinner at a North Korean Restaurant in Shanghai (2016) (wordpress.com)
Shrouded in secrecy and isolated from the world, North Korea exudes an air of mystery.
North Korean IT teams infiltrate global freelance platforms (dailynk.com)
North Korea has intensified its covert foreign currency operations by sending elite IT workers to China and Southeast Asia as freelancers.
North Korean APT Lazarus Targets Developers with Malicious NPM Package (socket.dev)
Socket researchers have discovered the malicious npm package postcss-optimizer, which contains code linked to previously documented campaigns conducted by North Korean state-sponsored threat actors known as Contagious Interview, a subgroup within the broader Lazarus Advanced Persistent Threat (APT) group.