Last year, the administration unveiled a series of sanctions against North Korean hacker groups, shell companies and IT workers, and blacklisted several cryptocurrency services they use to launder stolen funds. Earlier this month, National Security Advisor Jake Sullivan announced a new partnership with Japan and South Korea aiming to suppress Pyongyang’s crypto bonanza – thereby choking off money intended for its nuclear and conventional weapons programs.
“In combating North Korean cyber operations, our first priority has been to focus on their cryptocurrency thefts,” Anne Neuberger, the National Security Council’s top cybersecurity official, said in an interview.
Increased efforts to curb North Korea’s cyber operations are fueled by growing concern about where the fruits of those attacks will go, Neuberger said.
Hacking, she argued, allowed North Korea “to either evade sanctions or measures taken by the international community to target its weapons proliferation… its missile regime and the growth in the number of launches that we have seen.”
Poor regulation and shoddy security in the fast-growing cryptocurrency sector, dominated by start-ups, make it an easy target for Pyongyang’s hackers. Because of crypto’s built-in privacy features and the fact that it can be sent across borders with the click of a mousepad, it also offers a powerful tool for circumventing sanctions.
North Korea carried out around a hundred ballistic missile tests last year, and it conducted its first intercontinental ballistic missile test in five months on Monday. Between November and August, it also exported more than a million artillery shells to Russia, according to South Korean intelligence services.
U.S. officials increasingly believe the key to slowing this type of activity lies at the intersection of hacking and cryptocurrencies.
Last year, hackers linked to Pyongyang stole around $1.7 billion worth of digital money, according to estimates by cryptocurrency tracking firm Chainalysis.
And in May, Neuberger estimated that about half of North Korea’s missile program is financed through cyberattacks and cryptocurrency theft.
North Korean hackers “directly fund” North Korea’s weapons of mass destruction and ballistic missile programs, State Department spokesman Vedant Patel said.
Until recently, North Korea’s cyber prowess has received relatively little attention in Washington. Fear of digital strikes stemming from conflicts in Ukraine and Gaza, or a possible Chinese invasion of Taiwan, has overshadowed the issue, experts say.
“People tend to think: … how could the ‘Hermit Kingdom,’ in quotes, be a serious player from a cybersecurity point of view?” Adam Meyers, senior vice president at cybersecurity company CrowdStrike, said in an interview. “But the reality couldn’t be further from the truth.”
Pyongyang’s hackers have repeatedly taken Western companies by surprise with their technical ingenuity, their ability to mix old-fashioned espionage tricks with cyber operations and their audacity, according to private sector researchers.
And while those who study North Korea’s cyber operations say their ability to steal cryptocurrencies poses a major challenge to the West today, they also argue that it would be dangerous to classify Pyongyang as simply a cryptocurrency-stealing threat.
By some indicators, North Korea has launched more than a dozen supply chain attacks over the past year – a sophisticated tactic in which hackers compromise the software delivery pipeline to obtain almost unlimited access to a wide range of businesses.
The significance of these attacks has been “wildly underestimated by the public,” said Tom Hegel, a threat researcher at cybersecurity firm SentinelOne, because they caused little damage beyond the direct victims of the attacks – often individuals or obscure cryptocurrency startups.
But some of the techniques they perfected to target these companies could have been used to cause widespread digital disruption, cybersecurity experts say.
In April, researchers at cybersecurity firm Mandiant discovered that North Korean hackers had managed to carry out the first publicly known example of a “double” hack of the software supply chain: moving from one software company to another and from there to that company’s customers.
Mandiant believed that the hackers were after the cryptocurrency. If they had wanted to, however, the North Koreans could have used such tactics to inflict “a massive level of damage,” SentinelOne’s Hegel said.
What North Korea “is capable of doing on a global scale, no one has replicated,” added Mick Baccio, global security advisor at security firm Splunk.
Asked about her concern that North Korean hackers have become more capable and could turn to destructive activities, Neuberger acknowledged that Pyongyang’s hackers are “capable, creative and aggressive.”
But she added that the White House was convinced that the North Koreans were seeking to steal money or intellectual property that could be used for the country’s weapons programs. She also argued that reducing the profitability of North Korean hacks was one of the best ways to deter them.
“The goal is to aggressively reduce the profitability of regime hacking,” she said.
North Korea’s cyberwarfare skills have been surprising onlookers for nearly a decade now.
They burst into public consciousness in 2014, when Pyongyang agents hacked Sony Pictures Entertainment and threatened the film studio not to release “The Interview,” a raunchy comedy that depicts the assassination of Kim Jong Un. Years later, in 2017, they unleashed a self-propagating computer virus that allegedly caused billions of dollars in damage in a few hours.
But beyond the growing technical skills of North Korean hackers, it is the volume and diversity of their activities that have recently alarmed observers.
Over the past 18 months, US intelligence has warned that Pyongyang is targeting think tanks and academics to gather information and organizing ransomware attacks – in which they scramble victims’ data until they pay extortion fees – against US healthcare companies.
More recently, the Department of Justice, the FBI and the Department of Treasury also accused Pyongyang of sending thousands of tech workers to Russia and China, where they obtained remote IT jobs with global companies under false identities and then remitted their salaries to the regime.
In a recent case which has received little attention outside the region, North Korean hackers conspired with insiders at a South Korean data recovery company to defraud millions of unwitting victims of Pyongyang’s attacks.
Only a fraction of that money appears to have found its way to Pyongyang, according to South Korean law enforcement. But the scheme dated back to 2017 and involved a ransomware variant not previously linked to Pyongyang.
The case shows how creative the country has been in finding ways to avoid controls and circumvent international sanctions, said Erin Plante, vice president of investigations at Chainalysis.
“It shows that they are still thinking outside the box and evolving and following the news in the same way we do, which is a little scary,” she said.
Michael Barnhart, a North Korea expert at cybersecurity firm Mandiant, said the project was reminiscent of several other operations the country’s hacking forces have carried out recently — some of which are not yet public.
The common theme, he explained, was how adept Pyongyang has become at mixing cyber operations with more traditional tactics of espionage and money laundering.
“This is a very, very well-organized crime family,” he said.