Flash points | Security | East Asia
Pyongyang continues to defy misguided expectations about its cyber capabilities by successfully employing a series of sophisticated cyberattacks that target new and developing financial technologies.
The international community often mistakenly associates North Korea’s lack of access to modern computing equipment within its borders with inferior offensive computing capabilities. As demonstrated in a new report published by the Center for a New American Security (CNAS), North Korea rapidly expanded its illicit cyber activities under sustained economic pressure from decades of sanctions. As such, Pyongyang will likely continue to adapt its cybercrime operations to evade economic sanctions head-on, as innovation in the crypto space, such as cryptocurrency, continues to outpace current fintech regulation. . The report also highlighted major flaws in North Korean cyber operations. , as well as areas where the United States and its allies can expand coordination to combat North Korea-led financial cybercrime.
In partnership with data provided by leading blockchain analytics company MRT Laboratories, CNAS provides an in-depth analysis of Pyongyang’s demonstrated ability to mine cryptocurrencies by investigating three separate case studies of North Korean hacks targeting cryptocurrency exchanges. In analyzing these hacks, the report highlighted key strengths and vulnerabilities in North Korea’s ability to steal, launder, and liquidate funds. A key takeaway from the study is that North Korean hackers showed only moderate concern about possible attribution of their crimes, meaning that the process of laundering stolen funds did not was not executed as seamlessly as the original hack. This signals that Pyongyang is aware of the lack of legal retribution for its illicit cyber activities, thus preferring speed to total obfuscation. For example, only a North Korean national was never extradited to the United States to face money laundering charges, and this was an extraordinarily rare case. Additionally, North Korean hackers have demonstrated steady improvements in the complexity of their hacking and laundering operations, including the use of cryptocurrency mixers and OTC brokers to hide the origin of the stolen crypto and the initial hack.
The cornerstone of why North Korean hackers continue to overtake the cybersecurity strategies of the United States, South Korea, and other democratic countries is surprisingly simple. While Washington and other countries task their intelligence and defense agencies with a wide range of domestic and foreign security issues, Pyongyang assigns its own agencies a much narrower set of tasks: supporting the Kim regime at all price by information and economic espionage. As such, the report suggests that US policymakers should invest more resources and research into analyzing the strengths and weaknesses of Pyongyang’s cyber capabilities. Given that the potential gains from cyber intrusions targeting financial institutions and new financial technologies far outweigh the potential punitive risks for North Korean hackers, Pyongyang is likely to to augment its illicit cyber operations.
In response, the CNAS report provided eight policy recommendations in total to build cyber resilience against North Korean hackers, highlighting the various roles of domestic and foreign policymakers and the private sector. A recommendation includes the executive branch designating specific research into state-sponsored cybercrime groups within the new National Cryptocurrency Enforcement Team (NCET). The Department of Justice recently appointed a seasoned prosecutor, Eun Young Choi, to lead the new crypto unit, signage the government’s efforts to revive research into cryptocurrency crime after four months of inactivity following the establishment of the NCET in October 2021.
Another recommendation calls on the Treasury Department to extend sanctions designations to any person or entity supporting and/or facilitating North Korean cybercrime, including telecommunications companies providing technical services, know-how and equipment. to North Korea that its hackers use to conduct malicious cyber operations. . Russian and Chinese Major telecommunications companies have indirectly supported North Korean cybercrime by providing increased internet bandwidth and connectivity to North Korean agents, and some reports indicate that North Korean hackers have even operated inside Hotels based in China. An important note is that sanctioning telecom companies that help provide internet connection to Pyongyang is unlikely to impact the civilian population in North Korea. Unless specifically permitted by the North Korean regime, internet access is illegal, and ordinary North Koreans instead access the country’s intranet, known as kwangmyong. Finally, the report also calls on Washington and Seoul to include illicit cryptocurrency-related activities within the ongoing US-ROK cyber task force. discussed during the 2021 summit between President Joe Biden and President Moon Jae-in.
Pyongyang continues to defy misguided expectations about its cyber capabilities by successfully employing a series of sophisticated cyberattacks that target new and developing financial technologies. While North Korea will likely continue to adapt its cybercrime tactics targeting cryptocurrency to circumvent the obstacles presented by economic sanctions, the United States and its allies must step up their joint efforts to counter this grave threat.