North Korean Cyber Threat Guidance

U.S. Government Provides Guidance on North Korean Cyber Threat

On April 15, 2020, the U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation issued guidance on the North Korean cyber threat.  North Korea, formally known as the Democratic People’s Republic of Korea (DPRK), continues to pose a significant threat to the international financial system through an increase in malicious cyber activities.  Many of these cybercrimes are used to generate funding for the DPRK's development of weapons of mass destruction and ballistic missile programs.  Of special concern is the DPRK’s increased ability to conduct destructive activities against critical infrastructure.

Financial Theft and Money Laundering

In its 2019 mid-term report, the UN Security Council 1718 Committee Panel of Experts (POE) found that the DPRK was using increasingly sophisticated cyber techniques to attempt the theft and laundering of as much as $2 billion in that year.  These findings are consistent with U.S. Department of Justice allegations released in March of 2020.  These activities were targeted at digital currency exchanges.

Other DPRK Cyber Crimes

The DPRK has conducted a number of extortion campaigns.  In some instances, DPRK cyber actors have demanded payment from victims under the guise of long-term paid consulting arrangements in order to ensure that no such future malicious cyber activity takes place.  These cyber actors have also been hired guns in the hacking of websites for extortion purposes.

The DPRK has also engaged in cryptojacking, which is accomplished by compromising a computer and stealing its computing resources to mine digital currency.  The POE reported several instances in which infected computers mined assets and transferred digital currency to servers at the Kim Il Sung University in Pyongyang.

The DPRK Rap Sheet

The DPRK has a long, dark history of cyber crime.  The list below includes some of the more notable operations:

  • Sony Pictures cyber attack in November 2014 in retaliation for the film “The Interview”.
  • Bangladesh Bank Heist in February of 2016 where the DPRK allegedly stole $81 million.
  • WannaCry 2.0 ransomware that infected computers in hospitals, businesses, schools, and homes in over 150 countries in 2017.
  • FASTCash Campaign which has targeted ATMs in Asia and Africa since 2016.
  • Digital Currency Exchange Hack in April of 2018 where the DPRK stole nearly $250 million through digital currency transactions.

Countering the Threat

In their report, the U.S. Government agencies list numerous measures to counter the DPRK threat, including raising awareness of the gravity and scope of the problem.  The single most important thing that must be accomplished, however, is the adoption and promotion of cybersecurity best practices.  As mentioned in a previous post, businesses around the world, including in the United States, have not attained appropriate levels of cyber strategy and execution.  In a survey of businesses undertaken by the insurance provider Hiscox in 2019, 74% fell into the Novice classification for cybersecurity.

CVG Strategy

CVG Strategy knows the importance of effective cybersecurity and is committed to helping businesses create effective Information Security Management Systems (ISMS) to protect their sensitive information and vital assets.  Contact us to see how we can help you.


Kevin Gholston
