Cyber-Attacks Are Primary Funding Source for North Korea

Written by

Cybercrime is now the primary means by which the North Korean state is funded, according to researchers at Venafi.

The security vendor’s threat intelligence specialist, Yana Blachman, and her team analyzed publicly available information on state-sponsored attacks directed by the hermit kingdom over the past four years.

They concluded that the Asian dictatorship now monetizes cyber-attacks to circumvent economic sanctions and keep the Kim Jong-un regime alive.

However, global democracies must take more assertive action to mitigate the cyber-threat from North Korea or risk the funding model being exported to Myanmar, Belarus and other countries shunned by the international community, Blachman warned.

“North Korean attacks are often much more brazen and reckless than those sponsored by other states, because they are not afraid of getting caught — this makes them particularly dangerous. It gives the cyber-criminals it sponsors free reign to engage in highly destructive, global attacks, such as the 2017 WannaCry attacks, affecting more than 200,000 users across at least 150 countries,” she argued.

“Worse still, North Korea is setting an example for other rogue states to follow. Belarus and even Myanmar can now see that cybercrime offers them a way of countering the worst effects of sanctions, while making themselves more of a threat to the wider community.”

Blachman, who started her professional career working in signals intelligence for the Israel Defense Forces' Unit 8200, said North Korea’s Lazarus, APT38 and other groups are coordinated through the military’s Reconnaissance General Bureau (RGB).

These groups have been responsible for some major money-making raids over recent years, including the notorious $81 million cyber-heist at Bangladesh Bank in 2016 and a theft of $32 million in crypto-funds at South Korean exchange Bithumb two years later.

In 2019, the United Nations issued a report claiming that the Kim regime had managed to generate as much as $2 billion from attacks on banks and cryptocurrency exchanges, in part to raise money for its nuclear weapons program.

Blachman published a blog today explaining more.

What’s hot on Infosecurity Magazine?