The Dangers of North Korea’s Ransomware Play

North Korea is an enigmatic country by all standards. Beyond a few tidbits from documentaries and feature films, no one knows exactly what the country is about. However, its economic status is relatively well known.

As one of the few countries with nuclear weapons, North Korea has always been a thorn in the United States’ flesh. The nation and its fierce leader, Kim Jong-Un, have refused attempts at disarmament, maintaining that its nuclear weapons are the only defense line against a possible foreign invasion.

Beyond military strength, however, North Korea is now flexing some major muscle when it comes to cyberattacks. The country has been linked with some significant hacks over the years, making it a threat both physically and virtually.

North Korea’s Hacker Arsenal

Every enterprise needs an engine that keeps it running. North Korea’s primary source of acclaim is the current weapons crisis that it appears to be fueling. The country has been under economic sanctions from the United States and the international community for years after refusing to back down from its weapons program, causing significant economic strains.

To finance its continued weapons production, North Korea’s government has turned to cybercrime. The government is now linked to several hacker groups, through which it launders and siphons money from various parts of the world.

The most effective of North Korea’s escapades have been through the Lazarus Group - a hacker organization that has been blamed for different hacks over the past few years. Earlier this year, a report from Reuters cited a document from the United Nations Security Council that flagged the group as the perpetrator of a hack on Singapore-based cryptocurrency exchange KuCoin.

The hack, which happened last September, saw KuCoin lose about $275 million. While the exchange claims to have recovered 80 percent of the stolen funds, the fact that a rogue unit could even steal that much money is staggering.

Simultaneously, the U.N. report allegedly accused North Korea of having stolen about $2 billion in total through cyberattacks that target banks and crypto exchanges. One member state believes that the country has siphoned $316 million in digital assets between 2019 and 2020 via the Lazarus Group.

Along with the Lazarus Group, North Korea also has an arsenal of other hacking groups that do its bidding. Last year, the government was especially active, taking advantage of the world’s move to the digital space. It launched different attacks and executed operations, thanks to its stacked hacker team.

Last August, a report from the U.S. Army confirmed that the North Korean government maintains a financial crime division that consists of over 6,000 hackers across different countries. The report explained that these teams are scattered primarily across India, China, Belarus, and Malaysia. With North Korea lacking the I.T. infrastructure to support these hackers, it has been much easier to maintain their operations outside the country.

Along with the Lazarus Group, the U.S. Army report also cited the Bluenoroff Group, which has about 1,700 members and is dedicated to operating long-term, concentrated crypto crimes.

The Department of Homeland Security has also issued a warning about BeagleBoys - the second-most notorious group with affiliations to North Korea’s government. The group focuses on financial institutions worldwide, and it has been credited with stealing about $2 billion since 2015.

Following the Money

There have been different inquiries into how the group manages to move its funds. Earlier this year, a report from British multinational security company BAE Systems and the Society for Worldwide Interbank Financial Telecommunication (SWIFT) detailed that the group uses a “layering” technique, which involves moving money through different exchanges. They also employ facilitators who help to launder the stolen funds, transferring the assets across exchanges to obfuscate their origins.

“Facilitators move a portion of the received funds through newly added bank accounts that are linked to their exchange account – this enables the conversion from cryptocurrency into fiat currency. Other stolen funds might be transferred in Bitcoin into prepaid gift cards, which can be used at other exchanges to purchase additional Bitcoin.”

Essentially, North Korean hackers have been alert to the privacy benefits of cryptocurrencies and their potential for identity protection. Instead of moving their gains through cash and running the risk of being found out, they have built a complex network of services and associates to help them move their ill-gotten gains easily. This way, they can stay one step ahead of regulators and continue to enjoy their freedom.

All of these have led the U.S. government to take action. In February, the Justice Department announced charges against the North Korean hacker program. It is unclear how these charges will work or who will take the blame. However, considering that the government is now aware of the cyber threat that stems from North Korea, there is every belief that more action will come soon.

All of these hacker groups have been using ransomware and brute-force attacks to break into the networks of financial institutions and companies, stealing sensitive data and funds along the way. Essentially, companies that deal primarily with money and assets are warned to stay wary of them and keep their operations under tight security. Cyber attacks never announce themselves, but they tend to be brutal - especially when a desperate, ruthless government like North Korea sponsors them.

