Are cyber crimes funding missile programs in North Korea?

North Korea has been struggling under sanctions since 2006. They were imposed shortly after its first nuclear test. With every nuclear test and explosion, the United Nations Security Council has strengthened the sanctions, banning further export and import products. The newest sanctions, which ban North Korea from exporting its most profitable products, are estimated to take $1 billion from its annual trade of $3 billion. To compensate for the loss, North Korea engages in various cyber crimes, violating international law. North Korean operations are thought to have generated over $2 billion, offsetting the economic damage.

Cyber crimes are low cost, easily performed and hard to trace. The reward for good execution is also very attractive to North Korea. Behind those attacks stands the Reconnaissance General Bureau, the top North Korean military intelligence agency. The Bureau mainly targets financial institutions and cryptocurrency exchanges to generate income. Targeting cryptocurrencies makes the attacks a lot harder to trace than those against the regular banking sector. A 2019 United Nations report stated that money from North Korean cyber crimes is raised for its WMD (weapons of mass destruction) programs. Anne Neuberger, US deputy national security adviser for cyber security, confirmed that information and provided additional numbers about North Korea's funding: "North Korea uses cyber to gain, we estimate, up to a third of their funds for their missile program". North Korea is now treated as one of the world's four principal nation state-based cyber threats, alongside China, Russia, and Iran. It is also worth mentioning that, because UN sanctions leave North Korea unable to export coal, it has found a pretty good use for it: according to Harvard University researchers, it uses the excess coal to power its own crypto-mining plants and accumulate even more digital currency.

Lazarus Group

Lazarus Group is a North Korean state-sponsored cybercrime group, attributed to the Reconnaissance General Bureau. The group has been active since at least 2009 and is responsible for numerous cyberattacks around the world. Kaspersky Lab, a multinational cybersecurity provider, reported in 2017 that Lazarus has a sub-group called Bluenoroff, which performs financial cyberattacks. Kaspersky found a direct connection between Bluenoroff and North Korea. According to a 2020 report by the U.S. Army, Bluenoroff has about 1700 members. The group mainly targets financial institutions and cryptocurrency exchanges. The revenue most likely goes towards the development of missile and nuclear technology.

Lazarus Group has been responsible for many cyberattacks against at least 17 countries. Examples:
  • The Sony Pictures studio hack in 2014. Sony Pictures released a comedy, The Interview, about a fictional assassination attempt on Kim Jong Un. The attack resulted in the leak of unreleased movies and thousands of private documents. Lazarus Group was also responsible for this attack.
  • Theft of $951 million from the Central Bank of Bangladesh in 2016 via a hack of the SWIFT banking system. Analysts cite this heist as a great example of how time-consuming it is to target traditional banking. Lazarus Group broke into the bank's computer and lurked inside the system for a year before executing the attack.
  • In 2017 the Lazarus Group unleashed the WannaCry ransomware, which infected at least 200k computers in 150 countries. It infected computers at hospitals, oil companies, banks and many other organizations around the world.
  • According to Chainalysis, the Lazarus Group has stolen more than $1.75 billion worth of cryptocurrency. They attacked the exchange KuCoin and stole $275 million worth of cryptocurrency, the third-largest crypto theft of all time.
  • In 2018, a Recorded Future report linked the Lazarus Group to attacks on Bitcoin and Monero. To perform these attacks the group used phishing to steal users' credentials from various crypto exchanges and then take the currency from their accounts.

Future risks

There are more and more decentralized exchanges on the market, and the launch of new cryptocurrencies such as Monero obviously makes it a lot harder for law enforcement to track transactions. Moreover, some analysts predict that more goods and services will be purchasable using crypto. That would allow North Korea to avoid sanctions on importing some products. Rohan Massey, partner at US law firm Ropes and Gray, says: "you could already use crypto to buy missile parts on the dark web years ago – so imagine what you could buy a few years from now." This quote shows that even with ongoing sanctions on North Korea, it can bypass them easily with crypto, which it now even mines itself.

Sources:

https://www.latimes.com/nation/la-na-north-korea-sanctions-20170805-story.html

https://www.reuters.com/article/us-northkorea-cyber-un-idUSKCN1UV1ZX

https://complyadvantage.com/insights/cyber-north-korea-risks/

https://www.ft.com/content/dec696d4-fd51-4cce-bbd9-1dee911eb4cd?commentID=eb9ad859-a474-4382-8959-b9f297f425b8

https://static1.makeuseofimages.com/wordpress/wp-content/uploads/2022/02/snatchcrypto-north-korea.jpg?q=50&fit=contain&w=943&h=&dpr=1.5

https://en.wikipedia.org/wiki/Lazarus_Group

https://securelist.com/lazarus-under-the-hood/77908/

https://blog.chainalysis.com/reports/lazarus-group-kucoin-exchange-hack/

https://www.cfr.org/backgrounder/north-korea-sanctions-un-nuclear-weapons

https://thediplomat.com/2020/11/why-is-north-korea-so-good-at-cybercrime/
