Cybercrime , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime

North Korean Hacking Funds WMD Programs, UN Report Warns

$2 Billion From Cryptocurrency and Bank Heists Funneled to Weapons
North Korean Hacking Funds WMD Programs, UN Report Warns
North Korean leader Kim Jong-un watches a missile demonstration on Aug. 6. (Photo: Korean Central News Agency)

The government of North Korea continues to punch above its geopolitical weight by using well-orchestrated hack attacks to steal money that it's using to fund its weapons-development programs, in violation of international sanctions, a confidential UN report warns.

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

The regime's hacking modus operandi has long included online bank heists - including the Bangladesh Bank attack - as well as hacking cryptocurrency exchanges and deploying cryptocurrency miners (see UN Report: North Korea Targets Cryptocurrency Exchanges, Banks).

But a new, leaked UN report, seen by Reuters and the BBC, warns that “widespread and increasingly sophisticated” cyberattacks backed by North Korea have enabled the regime to not just stay afloat, but also drive an estimated $2 billion into developing weapons of mass destruction. The report also found evidence of “continued violations” of sanctions that have helped the country obtain prohibited luxury goods as well as weapons components.

Missile Demonstrations Continue

Evidence of those capabilities has recently been on display. On Tuesday, the country launched two short-range ballistic missiles, marking its fourth round of missile launches in just two weeks. The official Korean Central News Agency said the missiles had been fired from the country's western South Hwanghae province into the sea in the east.

Photograph of the Aug. 6 missile launch released by DPRK media

Since 2011, North Korea - officially known as the Democratic People's Republic of Korea - has been led by Kim Jong-un. On Wednesday, he said the missile tests should stand as a warning to the U.S. and South Korea, which on Monday began joint military drills.

The UN Security Council North Korea sanctions committee was created in 2006 to try to curtail the country's development of nuclear weapons and intercontinental ballistic missiles, or ICBMs. To do so, the UN Security Council froze the government's assets and capped the importation of crude oil and refined petroleum products and banned the supply of all arms and related material. It also prohibited other countries from supplying North Korea with natural gas as well as coal, iron, gold and other metals; food and agricultural products; and aviation, rocket and jet fuel, among other items, while also leaving humanitarian exemptions. The UN also banned exports from North Korea of coal, textiles, seafood and other goods.

The UN Security Council North Korea sanctions committee didn't immediately respond to a request for comment.

But Reuters says that the new, confidential report to the committee - prepared by a team of experts that has been monitoring the country's compliance with the sanctions - notes that North Korea has “continued to enhance its nuclear and missile programs although it did not conduct a nuclear test or ICBM launch," in large part due to its ability to steal funds via hack attacks.

Target: Banks and Cryptocurrency Exchanges

Since at least mid-2017, security experts have warned, hackers affiliated with - if not run directly by - the Pyongyang-based government of North Korea had been targeting cryptocurrency exchanges and banks to fund the regime, backed by steady cryptocurrency mining (see: Report: North Korea Seeks Bitcoins to Bypass Sanctions).

The UN report warns that North Korea's Reconnaissance General Bureau, a top military intelligence agency, appears to be directing many of the hack attacks that are being used to fund the regime. Indeed, experts say in the report they are investigating reports from 17 countries totaling “at least 35 reported instances of DPRK actors attacking financial institutions, cryptocurrency exchanges and mining activity designed to earn foreign currency," while at the same time make the source of those funds tough to trace.

Security experts say that part of the problem is that hacking continues to be an easy way for criminals and nation-states alike to generate cash.

But Alan Woodward, a professor of computer science at the University of Surrey, tells Information Security Media Group that the UN Office on Drugs & Crime is also trying to make banks and cryptocurrency exchanges tougher for everyone to hack.

"Hard currency has its own value, and with poorly regulated crypto exchanges sitting there as soft targets … that’s why UNODC have been equipping countries through their anti-cybercrime and money-laundering initiatives to plug the hole," he says.

Diplomatic Pressure

Governments are also trying to get potential targets to better lock themselves down.

While the U.S. State Department couldn't be immediately reached for comment on the UN report, a spokeswoman tells Reuters: “We call upon all responsible states to take action to counter North Korea’s ability to conduct malicious cyber activity, which generates revenue that supports its unlawful WMD and ballistic missile programs."

President Donald Trump has continued to press North Korea to give up its nuclear weapons program. Trump has met with Jong-un three times - first at a summit in Singapore in June 2018, followed by a meeting in Vietnam in February. On June 30, Trump became the first sitting U.S. president to step foot in North Korea, when he visited Jong-un at the Joint Security Area, together with South Korean President Moon Jae-in. To date, Trump's efforts to denuclearize the Korean peninsula have been unsuccessful.

Pyongyang. (Photo: Laika, via Creative Commons)

North Korea's apparent ability to use bank and cryptocurrency exchanges heists, as well as cryptocurrency mining, to funnel $2 billion in hard currency into its weapons programs means that the proceeds from hacking account for a sizable portion of its GDP.

While calculating North Korea's GDP is difficult, in 2015, the CIA pointed to an Angus Maddison study for OECD estimating that the country's GDP was about $40 billion, which had been rounded to the nearest $10 billion. Since then, South Korea's central bank has estimated that the GDP has shrunk, driven by tougher sanctions, with some estimates placing its nominal 2018 GDP at just $32 billion.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.