A United Nations panel is corroborating threat intelligence that cybersecurity researchers have long reported: North Korea is using its formidable cyber capabilities to raise money in the face of sanctions.
North Korean government-sponsored cyberattacks on financial institutions to illegally transfer funds “have become an important tool in the evasion of sanctions and have grown in sophistication and scale since 2016,” says the U.N. panel report, which was published late Monday. The report chronicles North Korea’s alleged attempts to circumvent sanctions using multiple methods, but the panel is increasingly taking note of the role of cyber operations in that endeavor.
North Korean hackers successfully breached at least five cryptocurrency exchanges in Asia between January 2017 and September 2018, causing $571 million in losses, the report says, citing private-sector research. The great majority of that haul came from a January 2018 hack of Coincheck, an exchange based in Japan. The U.N. panel also pinned the 2016 theft of $81 million from Bangladesh Bank on North Korean hackers, citing a U.S. indictment.
Pyongyang’s targeting of cryptocurrency exchanges is particularly useful for evading sanctions because the digital trail is difficult to trace, and offers numerous opportunities for money laundering, according to the report. The “Panel of Experts” that issued the document is comprised of U.N.-appointed analysts and reports to a committee of the U.N. Security Council, which is made up of China, France, Russia, the United Kingdom, and the United States.
North Korea consistently has denied conducting cyberattacks against international targets.
“What stands out [from the report] are the amounts of money involved and the sheer scope of the operations, [which are] highly coordinated and disciplined,” Hugh Griffiths, who heads the U.N. panel, told CyberScoop. “The ability to breach banking security is extremely worrying and raises broader questions.”
The U.N. panel singled out North Korea’s Reconnaissance General Bureau as an intelligence agency that has been the hub of multiple cyber operations, including the devastating 2017 WannaCry ransomware outbreak. The panel recommended that evidence of the RGB’s cyberattacks be added to the bureau’s entry on a list of U.N. sanctions on North Korea.
Adam Meyers, vice president of intelligence at cybersecurity company CrowdStrike, which has tracked North Korea-linked hackers for a decade, said it was “significant” to see the U.N. panel call out Pyongyang’s offensive cyber operations.
“The security research community has been tracking [North Korean] activity for some time and there are some high-dollar (tens of millions or more) estimates associated with those schemes,” Meyers told CyberScoop via email, adding that his company expects North Korea to increasingly use its hacking capabilities for economic espionage in the coming year.
The U.N. sanctions are meant to stifle the North’s nuclear and ballistic missile programs, which Pyongyang reportedly has pursued in the face of international condemnation.