While the Kim Jong Un government has long relied on drug trafficking, counterfeiting, and other illicit activities to raise funds, stealing cryptocurrency is becoming a significant source of revenue for Pyongyang. According to a confidential United Nations report seen by CBS News, the country has now accumulated at least $2 billion from cyberattacks against crypto exchanges and other targets.
Of that total, between $600 million and $1 billion was stolen just last year. It’s estimated that North Korea’s hackers have targeted the global supply chain of crypto firms, using phishing attacks and malware to breach weak security systems. They also exploit third-party services to launder money, such as mixers that blend cryptocurrencies to obscure their origins.
It’s thought that Lazarus Group, sanctioned by the U.S. Treasury Department in 2022, has been behind many of the biggest heists. The hacker group has reportedly trained students for up to six years before putting them to work in what Plante describes as “a factory environment where they’re working seven days a week, up to 20 hours a day.”
In the past, it was easy to steal cryptocurrency by posing as recruiters or IT workers to gain access to networks and servers, but that trick is becoming less reliable. Now, experts say, threat actors work around this by targeting weak security features and exploiting vulnerable employees in the crypto industry.
One of the most effective tools at their disposal is phishing, in which fake messages are sent to users to lure them into opening a malicious file or visiting a fake website. Those who follow the link or download the file are then infected with malware, which steals cryptocurrency from their computer and sends it to an address controlled by the attackers.
The hacks are said to have netted the regime at least $3 billion in the last six years, helping it fund its nuclear and missile programs. With international sanctions squeezing its finances, and border closures from the outbreak of COVID-19 making it difficult for it to trade and generate funds, cryptocurrency theft has become an increasingly important source of money.
The United States and other countries are trying to counter the attacks by sharing intelligence with allies and focusing on preventing stolen coins from being laundered in places like China or Russia, where hackers can quickly move money. They’re also seeking to stop the hackers from relying on mixing services like Tornado Cash, which the U.S. has previously been able to shut down.