Cybercrime a Key Revenue Stream For North Korea's Weapons Program

North Korea stole hundreds of millions of dollars worth of crypto assets in at least one major hack, according to a confidential United Nations (UN) report seen by Reuters on Thursday.

The document also reportedly suggests the US previously accused North Korea of carrying out cyber-attacks to fund its nuclear and missile programs.

"Other cyber activity focusing on stealing information and more traditional means of obtaining information and materials of value to [Democratic People's Republic of Korea]'s prohibited programs, including [...] weapons of mass destruction, continued," the document read.

For context, North Korea has been banned by the UN Security Council from conducting nuclear tests and ballistic missile launches for years. However, the document seen by Reuters suggests the country made preparations for a nuclear test during the first half of 2022.

“The latest report from the United Nations on North Korean nuclear tests should sound the klaxon of alarm for Western businesses, especially as it specifically mentions cyber-attacks being a key source of funding,” explained Kevin Bocek, VP of security strategy and threat intelligence at Venafi.

The executive says that, according to data gathered by Venafi in June, it is evident the proceeds of cyber-criminal activities from groups such as Lazarus and APT38 are being used to circumvent international sanctions in North Korea.

“This money is being funneled directly into weapons programs. And because developing nuclear weapons is expensive, especially in the face of rising inflation and the cryptocurrency crash, companies should be on high alert that the DPRK will be looking to cash in now and help feed their weapons programs and fund ongoing weapon development,” Bocek added.

Additionally, the security expert mentioned code signing machine identities as a  key component of North Korean nation-state attacks.

“Incidents such as the 2014 Sony Hack, or the $101m heist of the Bangladesh Bank via the SWIFT banking system, have demonstrated North Korea’s long-standing interest in the malicious use of machine identities,” Bocek explained.

“While the latest UN report is an important step in broadcasting this issue to the world, we still need to see governments and businesses act together and share intelligence on these attacks. This will be key to building knowledge on the importance of machine identities in security. If not, we’ll continue to see North Korean threat actors thrive."

What’s Hot on Infosecurity Magazine?