Several United States agencies issued what they call comprehensive guidance on North Korea’s cyber attacks, which have included hacks of cryptocurrency exchanges as well as cryptojacking and ransomware used to finance the regime.
An international alert
In the April 15 advisory, the U.S. Treasury, Department of State, Department of Defense, and the FBI continue a long history of denouncing North Korea’s cyber activities. The new guidance aims to promote international cooperation against North Korea’s work in cyberspace, saying:
“It is vital for the international community, network defenders, and the public to stay vigilant and to work together to mitigate the cyber threat posed by North Korea.”
The U.S. agencies refer to the alleged involvement of the infamous Lazarus Group in hacking an array of cryptocurrency exchanges, most famously the $500 million hack of Coincheck that remains the largest of its kind to date. The guidance also references the WannaCry ransomware that swept the world in 2017.
Illegal ways of funding the North Korean regime, which is otherwise crippled by sanctions
The advisory attributes the regime’s interest in crypto and cyber attacks to its desire to fund a nuclear weapons program in the face of international sanctions:
“Under the pressure of robust U.S. and UN sanctions, the DPRK has increasingly relied on illicit activities – including cybercrime – to generate revenue for its weapons of mass destruction and ballistic missile programs.”
The U.S. has recently upped its efforts to specifically sanction members of North Korea’s cyber program — which it collectively refers to as “Hidden Cobra.”
Most famously, these efforts include sanctioning the Lazarus Group and two smaller organizations in September of 2019.
Last month, the Treasury’s Office of Foreign Assets Control added two Chinese nationals, along with their associated cryptocurrency addresses, to its sanctions list for allegedly helping the Lazarus Group to launder money.