Last year, the administration announced a flurry of sanctions against North Korean hacker groups, front companies and IT employees, and blacklisted several crypto services used to launder stolen funds. Earlier this month, National Security Advisor Jake Sullivan announced a new agreement with Japan and South Korea aimed at cracking down on North Korea’s vast crypto wealth and thereby cutting off funding for its nuclear and conventional weapons programs.
“In countering North Korea’s cyber operations, our top priority has been to focus on their cryptocurrency theft,” Anne Neuberger, the National Security Council’s top cybersecurity official, said in an interview.
Neuberger said increased efforts to blunt North Korea’s cyber operations are being further fueled by growing alarm about where the fruits of these attacks are going.
She said that hacking allows North Korea to “evade sanctions, evade measures taken by the international community to target weapons proliferation, missile regimes, and the increase in the number of launches that we have seen.”
Poor regulation and lax security in the fast-growing cryptocurrency industry, dominated by startups, make it an easy target for North Korean hackers. Cryptocurrencies have built-in privacy features and can also be used as powerful tools to circumvent sanctions, as they can be sent across borders with the click of a mousepad.
North Korea conducted approximately 100 ballistic missile tests last year, and it conducted its first intercontinental ballistic missile test in 5 months on Monday. It also exported over 1 million shells to Russia from November to August, according to South Korean intelligence.
U.S. authorities increasingly believe the key to slowing this type of activity lies at the intersection of hacking and cryptocurrencies.
Last year, North Korea-linked hackers stole about $1.7 billion worth of digital money, according to estimates by cryptocurrency tracking firm Chainalysis.
And in May, Neuberger estimated that about half of North Korea’s missile program is funded by cyberattacks and cryptocurrency theft.
State Department spokesman Vedant Patel said North Korean hackers are “directly funding” North Korea’s weapons of mass destruction and ballistic missile programs.
Until recently, North Korea’s cyber capabilities had received relatively little attention in Washington. Experts say the problem is overshadowed by concerns that digital attacks could spill over into conflicts in Ukraine or Gaza, or if China invades Taiwan.
“People tend to think, ‘How could the quote-unquote “Hermit Kingdom” be a serious player from a cyber perspective?’” Adam Myers, senior vice president at cybersecurity firm CrowdStrike, said in an interview. “But the reality couldn’t be further from the truth.”
Private sector researchers say North Korean hackers have caught Western companies by surprise with their technological ingenuity and ability to blend old-fashioned espionage techniques and cyber operations with sheer brazenness.
And while those who study North Korea’s cyber operations argue that North Korea’s proficiency in cryptocurrency theft poses a major challenge to the West today, they also argue that it is dangerous to classify North Korea as a mere financial-theft threat.
According to several indicators, North Korea launched more than a dozen supply chain attacks last year. This is a sophisticated tactic that allows hackers to compromise software delivery pipelines and gain near-unlimited access to a wide range of companies.
Tom Hagel, a threat researcher at cybersecurity firm Sentinel One, said the importance of these attacks is “hugely underestimated by the public” because they caused almost no damage to anyone other than their direct victims, including individuals and anonymous crypto start-up companies.
But cybersecurity experts say some of the same techniques they’ve honed in targeting these companies may have been used to cause widespread digital disruption.
In April, researchers at cybersecurity firm Mandiant revealed that North Korean hackers had stolen cryptocurrencies in the first publicly known case of a software supply chain “double” hack: jumping from one software maker to a second software maker, and from there to the company’s customers.
Mandiant assessed that the hackers were targeting cryptocurrencies. But if North Korea had wanted to, it could have used such tactics to cause “significant damage,” Sentinel One’s Hagel said.
Mick Baccio, global security advisor at security firm Splunk, added that North Korea “is something that no one can do on a global scale.”
Asked about her level of concern that North Korean hackers could become more capable and destructive, Neuberger acknowledged that North Korean hackers were “competent, creative, and aggressive.”
But she said the White House believes North Korea is focused on stealing money and intellectual property that could be used in the country’s weapons programs. She also argued that cutting off the profitability of North Korean hacking is one of the best ways to stop it.
“The goal is to aggressively reduce the profitability of hacking by the regime,” she said.
North Korea’s mastery of computer warfare has amazed onlookers for nearly a decade.
They famously gained public attention in 2014 when North Korean agents hacked Sony Pictures Entertainment and threatened the studio to keep it from releasing “The Interview,” a vulgar comedy about the assassination of Kim Jong-un. Years later, in 2017, they released a self-spreading computer virus that caused billions of dollars in damages within a few hours.
But in addition to the increasing technological prowess of North Korean hackers, what has recently alarmed onlookers is the volume and variety of their activity.
For the past 18 months, U.S. intelligence agencies have been warning that North Korea is targeting think tanks and academics to collect information, and staging ransomware attacks, which involve encrypting victims’ data until they pay extortion fees, against U.S. medical companies.
Recently, the Department of Justice, FBI, and Treasury Department have also accused North Korea of sending thousands of high-tech workers to Russia and China, where they secure remote IT jobs at global companies under false identities and funnel their salaries to the regime.
In a recent case that received little attention outside the region, North Korean hackers conspired with insiders at a South Korean data recovery company to extort millions of dollars from unwitting victims of the Pyongyang attack.
A small portion of that money appears to have returned to Pyongyang, according to South Korean law enforcement. However, this scheme dates back to 2017 and previously involved a ransomware variant not associated with North Korea.
Erin Plante, vice president of investigations at Chainalysis, said the case shows how creative the country has been in finding ways to evade surveillance and circumvent international sanctions.
“This shows that they’re always thinking outside the box, evolving, and following the news just like the rest of us. It’s a little scary,” she said.
Michael Barnhart, a North Korea expert at cybersecurity firm Mandiant, said the plan was reminiscent of several other operations carried out by the country’s hacking forces in recent memory, some of which are still active and, he said, have not been made public.
A common theme, he argued, is how well North Korea combines cyber operations with more traditional espionage and money laundering tactics.
“This is a very well-organized criminal family,” he said.