Korean Peninsula A to Z

Korea, Today and Tomorrow

N. Korea Uses Advanced Hacking Abilities to Make Money



On September 2, the Society Worldwide for Interbank Financial Telecommunication or SWIFT said that North Korea started laundering money using cryptocurrencies. In a report jointly published by British security firm BAE Systems, SWIFT said that one of the North Korean hacking groups called Lazarus attempted to launder crypto funds by stealing them from an exchange and then pass transactions through different exchanges.

The U.S. has consistently raised the alarm about North Korean hackers’ money-laundering scheme related to crypto-assets. On August 27, the U.S. Justice Department filed a complaint to forfeit 280 cryptocurrency accounts suspected of having ties to North Korean hackers who stole digital currencies. As a matter of fact, international concerns about North Korea’s cyber threats are not something that started just recently. Here’s political commentator Lee Jong-hoon with more.

On August 26, multiple U.S. agencies issued a joint alert against North Korea’s cyber theft. The agencies are the Cybersecurity and Infrastructure Security Agency under the Homeland Security Department, the Treasury Department, the FBI and the U.S. Cyber Command. They said that a North Korea-backed hacking group called BeagleBoyz stole money from bank accounts and ATMs around the world. The alert was followed by a complaint from the Justice Department to seize cryptocurrency accounts linked to North Korean hackers.

Regarding increasing cyber operations by North Korean hackers as of late, the U.S. suspects that North Korea tries to secure the money needed for some sort of provocation, such as a long-range missile launch, before the U.S. presidential election.

South Korea is one of the biggest targets of North Korean hackers. Cyberattacks by Thallium, which is another hacking group believed to be operated by North Korea, have recently increased significantly. Last year, Microsoft filed a lawsuit against this cybercrime group with a federal district court in Virginia for allegedly attacking U.S. government employees. It is assumed that the group is identical to a North Korean hacking organization that was previously known as Kimsuky.

On September 5, South Korean cybersecurity firm, ESTsecurity, said that Thallium launched attacks on South Koreans working in defense firms, researchers of North Korean issues, defectors and journalists specializing in North Korea. It has reportedly spread emails carrying malicious code, disguised as a research material of a person who has worked at the Gaeseong Industrial Complex before.

This group is known for its highly sophisticated hacking methods. It sends emails that look completely harmless, but once people click it, they are linked with malicious code. For example, Thallium has been sending emails with the title of “Samsung Cloud Gallery Services” to South Koreans working in North Korea-related areas. It has also launched phishing attacks on journalists, pretending to be Naver, South Korea’s largest web portal service operator. North Korean hackers are using phishing and smishing, or SMS phishing, which have evolved considerably both in South Korea and abroad. Their targets include South Korean financial companies, so they may possibly steal South Korean funds.

North Korea’s cyberattacks continue to evolve. In the past, they typically paralyzed, disrupted or destroyed cyberinfrastructure, as seen in a series of distributed denial-of-service or DDoS attacks. With North Korea reeling from a financial crunch due to international sanctions, it has recently turned to hacking in order to make money. In other words, North Korea is using its cyber operations capabilities to earn money. For that purpose, it mines, steals and produces cryptocurrencies such as Bitcoin, Litecoin and Monero. Global security industries warn countries to take extra precautions because North Korea uses more sophisticated and well-planned hacking techniques.

It is believed that North Korean hackers have stolen cryptocurrencies worth hundreds of millions of US dollars by hacking crypto exchanges. But it is very difficult to trace the process. To make their hacking incidents untraceable, hackers are known to transfer cryptocurrencies more than 5,000 times using highly advanced and elaborate techniques. The scale is so large that North Korea is suspected of supporting illegal cyber operations at a state level to funnel the funds into weapons development. Industry watchers estimate that the level of North Korea’s cyber capabilities is close to Russia’s and China’s.

Many believe North Korea trains hackers systematically at major universities and organizations because they prove to be cost-effective.

Foreign money illegally earned by North Korean hackers is a major source of funding for the North Korean regime, which is subject to various sanctions.

In February 2016, North Korean hackers stole 81 million US dollars from the Bangladesh central bank’s account at the Federal Reserve Bank of New York by hacking SWIFT’s computer network. In 2019, they also stole 10 million US dollars from a Chilean bank through a cyber theft. It seems North Korean hacking group Lazarus has recently taken the lead in stealing more than 500 million dollars in cryptocurrencies.

According to a report released by the expert panel under the U.N. Security Council’s committee on sanctions on North Korea in August last year, North Korea is estimated to have collected about 2 billion US dollars by hacking banks and crypto exchanges. The amount is staggering, almost equivalent to foreign currency income that North Korea had earned before the sanctions were imposed on it. For North Korea, hacking operations do not cost much, as it can mobilize skilled hackers at low costs.

Some predict that North Korea’s cyberattacks will continue to pose a threat to the entire world and the nation will lead mobile hacking operations this year. According to the 2020 Threat Report by BlackBerry Cylance, which is a cybersecurity firm under Canadian mobile phone manufacturer BlackBerry, cyber threat actors from North Korea will continue to probe network and system security around the world in 2020.

North Korea finds it increasingly difficult to earn foreign money due to international sanctions. It is easy to imagine that the country will continue to hack financial institutions all over the world and steal cryptocurrencies in a bid to secure money.

Amid the prolonged international sanctions against North Korea, the already impoverished local economy is deteriorating further and leader Kim Jong-un is running short of his governing funds. To secure the funds at least, hacking will be indispensable. In a sense, cyber theft is the easiest way to earn money. Previously, North Korea would circulate counterfeit dollars. But hacking costs less and has fewer risks to exposure. I imagine North Korea’s cyber operations will be more sophisticated and meticulous, and their scale will be much larger. Given the financial situation of North Korea and its leader, hacking incidents will be more rampant. I think that’s why the U.S. continues to give warnings against North Korea’s illicit cyber operations. 

North Korea may possibly attack South Korea by mobilizing nuclear weapons or long-range missiles. But it’s hard to deny that cyber provocations are much more effective in collecting foreign money at low costs.

Many analysts point out that South Korean people are rather indifferent to North Korea’s hacking campaign, compared to other forms of provocations or terrorist attacks. It is necessary to arouse public attention to North Korea’s ever-evolving cyber terrorism.

Latest News