Home / News / Crypto / North Korean Crypto Crime Amounts to Huge Portion of Country’s Funds, According to UN
5 min read

North Korean Crypto Crime Amounts to Huge Portion of Country’s Funds, According to UN

Published March 21, 2024 12:08 PM
Teuta Franjkovic
Published March 21, 2024 12:08 PM
By Teuta Franjkovic
Verified by Peter Henn

Key Takeaways

  • North Korea’s cyber theft activitieshave become a crucial source of foreign financing.
  • Pyongyang’s cyberattacks go beyond stealing money, targeting defense firms to steal weapons secrets.
  • The UN Panel of experts called for a concerted international response to counter the surge in North Korean cybercrime.

A recent UN report  highlights that North Korea’s cyber theft of cryptocurrency significantly funds its foreign financing, potentially making up to half of it, and significantly supports its nuclear program.

Since 2017, DPRK cybercriminals are estimated to have stolen $3 billion in virtual assets.

UN Report: North Korea’s attacks Target Crypto, Nuke Program Advances

The UN Panel of Experts on the DPRK, in their annual report  released Wednesday, mentioned that they are probing 58 cyberattacks purportedly executed by Pyongyang, targeting cryptocurrency services from 2017 to 2023, in addition to other unlawful cyber operations.

The report also sheds light on North Korea’s ongoing nuclear advancements and ballistic missile tests, the illicit importation of sanctioned petroleum products via ship-to-ship transfers, purported arms dealings, and attempts to generate income through workers stationed abroad, among other actions violating UN Security Council sanctions.

Additionally, the report discusses  North Korea’s use of artificial intelligence in phishing schemes.

North Korea’s Cybercrime Finances WMD Development

According to reports from member states, cybercrime significantly bolsters North Korea’s foreign financing, contributing to 40-50% of it and crucially supporting its weapons of mass destruction program. The Panel of Experts is delving into 17 cryptocurrency thefts in 2023, with losses surpassing $750 million, positioning this year’s total within the $600 million to $1 billion range estimated by leading analytics firms for the previous year. These estimations can fluctuate as new details emerge, highlighting the complexity of attributing cybercrimes.

Although these figures mark a decrease from the $1.7 billion reported stolen by North Korean actors in 2022, according to Chainalysis , they still represent a significant uptick from any earlier years. The report details the methods employed by North Korean cybercriminals to secure and launder these illicit gains, including sophisticated social engineering, using third-party suppliers, utilizing cryptocurrency mixers for laundering, engaging in “chain hopping” and exploiting cross-chain bridges, as well as liquidating through private brokers.

To combat the rising tide of DPRK’s cyber theft, the Panel suggests several preventive steps: securing unused digital assets in cold storage, enabling multi-factor authentication, closely monitoring network activities for breach attempts, and employing browser extensions to block unauthorized cryptocurrency mining.

Cybercriminals Target Defense Firms to Fuel Weapons Development

North Korea is expanding its cyberattacks beyond stealing cryptocurrency. A report reveals their efforts to target defense companies in multiple countries, including the US, Russia, and South Korea. The goal? Stealing sensitive data to improve their weapons program. Hackers use various tactics, like spear-phishing emails disguised as job offers, to infiltrate these companies.

Noteworthy incidents include the Lazarus Group’s sophisticated spear-phishing attack on a Spanish aerospace entity, utilizing LinkedIn to masquerade as recruiters. Additionally, efforts to extract data from South Korean shipbuilders were aimed at enhancing North Korea’s naval capabilities, alongside a targeted Lazarus operation against nuclear engineers and defense industry experts.

The report also details North Korea’s broader cybercrime activities. They exploit weaknesses in supply chains, develop malware, and spread it through various platforms. Notably, they’re using advanced techniques like uncommon programming languages and leveraging AI in phishing attempts. These developments raise concerns about North Korea’s growing capabilities in unauthorized cyber activities.

Of particular worry is the targeting of a report author, possibly to evade sanctions. This incident highlights the potential for North Korea to use cybercrime for more than just military purposes.

Expert Panel Urges Global Actions to Counter Cybercrime Surge

The report calls for action against North Korean cybercrime. The Panel of Experts recommends sanctions against five hacking groups believed to operate for the country’s Reconnaissance General Bureau. While some nations have already taken measures, the report pushes for wider enforcement through U.N.-level sanctions. However, political divisions  within the Security Council make this unlikely.

The report also highlights the need for private sector vigilance. It urges countries to assess risks associated with digital currencies and establish information-sharing channels. Additionally, it recommends stricter anti-money laundering measures and stronger know-your-customer protocols from cryptocurrency exchanges to hinder North Korean cybercriminals.

Was this Article helpful? Yes No