North Korean leader Kim Jong Un is reportedly finances for North Korea’s nuclear program by targeting cryptocurrency exchanges and financial institutions. | Source: KCNA). KCNA/via REUTERS

A confidential United Nations report has revealed that North Korea raked in approximately $2 billion by hacking cryptocurrency exchanges as well as mainstream financial institutions, according to Reuters. The hermit kingdom has subsequently channeled the stolen funds to its nuclear and missile program.

The report that was prepared for the North Korea sanctions committee of the U.N. Security Council was compiled by independent experts who have been monitoring the situation in the last six months.

According to the experts, many of the cyber attackers from North Korea were acting on the instructions of the country’s intelligence agency, the Reconnaissance General Bureau, with the specific aim of raising money for the weapons of mass destruction programs:

[The state-sponsored actors] used cyberspace to launch increasingly sophisticated attacks to steal funds from financial institutions and cryptocurrency exchanges to generate income.

35 crime scenes in 17 countries

Per the experts, there are ‘at least 35 reported instances’ which are being investigated where the state-sponsored actors from North Korea were involved in attacking cryptocurrency exchanges and banks in about 17 countries.

The independent experts also believe that North Korea engaged in cryptocurrency mining as another way of generating income for its weapons program.

With North Korea currently under heavy sanctions, it has limited income sources as exports of its minerals and fishery products are banned.

North Korea’s ROI from hacking crypto exchanges is growing!

This is not the first time that North Korea stands accused of turning to crypto to evade economic sanctions. However, this is the first time that the amounts generated from the nefarious activities by the rogue state are exceeding $1 billion.

In March this year, it was reported that North Korea had amassed cryptocurrency worth approximately $650 million mainly through hacking crypto exchanges using the state-sponsored outfit.

Last year in October, cybersecurity firm FireEye identified the state-sponsored outfit as APT38. At the time, FireEye indicated that the more famous cybercriminal outfit known as Lazarus Group was mostly involved in cyber espionage and not hacking cryptocurrency exchanges and banks.

crypto
APT38’s attack lifecycle | Source: FireEye

If the $2 billion that North Korea has raked in from hacking crypto exchanges and banks was attributable entirely to APT38, its success while remaining relatively obscure lies largely on its modus operandi. Per FireEye, APT38 plays the long game and is ruthlessly efficient.

Additionally, the cybercriminal organization leaves no trail. After launching attacks, the group engages in a ‘constant effort to thwart investigations capped with a willingness to completely destroy compromised machines afterwards’.