The United States agencies today released a joint advisory warning the world about the ‘significant cyber threat’ posed by North Korean state-sponsored hackers to the global banking and financial institutions.
Besides a summary of recent cyberattacks attributed to North Korean hackers, the advisory—issued by U.S. Departments of State, the Treasury, and Homeland Security, and the FBI—also contains a comprehensive guide intends to help the international community, industries, and other governments defend against North Korea’s illicit activities.
“In particular, the United States is deeply concerned about North Korea’s malicious cyber activities, which the U.S. government refers to as HIDDEN COBRA. The DPRK has the capability to conduct disruptive or destructive cyber activities affecting U.S. critical infrastructure,” the advisory says.
“The DPRK also uses cyber capabilities to steal from financial institutions, and has demonstrated a pattern of disruptive and harmful cyber activity that is wholly inconsistent with the growing international consensus on what constitutes responsible state behavior in cyberspace.”
Notably, it also mentioned that the U.S. government is now offering a monetary reward of up to $5 million to anyone who can share ‘information about illicit North Korea’s activities in cyberspace,’ including past or ongoing hacking operations.
“To support international efforts to disrupt North Korea’s illicit activities, the State Department’s Rewards for Justice (RFJ) program offers rewards of up to $5 million for information that leads to the disruption of financial mechanisms of persons engaged in certain activities that support North Korea, including money laundering, sanctions evasion, cyber-crime, and WMD proliferation,” the Reward for Justice website says.
The well-known North Korea hacking group out of all is the Lazarus group, also known as Hidden Cobra and Guardians of Peace, that has been linked to several high-profile disruptive and espionage-related cyberattacks.
The first part of the report lists a broad categorization of cyber activities targeting financial institutions through which North Korea generates revenue while bypassing sanctions imposed by the UN Security Council.
This list includes:
- Cyber activities to steal money from financial institutions and digital currency exchanges,
- Using digital means to illegally launder funds through multiple jurisdictions,
- Cyber attacks to conduct extortion campaigns against third-country entities,
- Using Cryptojacking malware against victims from other countries and abusing their systems to mine digital currencies.
According to the United States, North Korea has attempted to steal as much as $2 billion through these malicious cyber activities.
“North Korea targets cyber-enabled infrastructure globally to generate revenue for its regime priorities, including its weapons of mass destruction programs,” the U.S. government said.
“They develop and deploy a wide range of malware tools around the world to enable these activities and have grown increasingly sophisticated.”
Last year September, the United States Treasury Department also issued sanctions against three North Korean hacking groups for conducting several destructive cyberattacks on the U.S. critical infrastructure.
The next part of the latest advisory lists some of the well-known cyberattacks publicly attributed to North Korean nation-state attackers, including:
- The 2014 Sony Pictures hack,
- The $81 million Bangladesh Bank Heist,
- The Global 2017 WannaCry ransomware outbreak,
- FASTCash: Fraudulent ATM cash withdrawal scheme,
- The $250 million theft from cryptocurrency exchanges.
“The DPRK has repeatedly targeted the U.S. and other government and military networks, as well as networks related to private entities and critical infrastructure, to steal data and conduct disruptive and destructive cyber activities,” the advisory says.
In brief, the United States believes North Korea has developed a robust military-style offensive cyber operation capability that can be used to conduct more disruptive or destructive attacks against its critical infrastructures.