North Korean hackers have stolen cryptocurrencies worth $721m from Japan in the past five years, a report revealed this week. The long history of animosity between the countries, and the close association between Japan and the US, is likely to be behind the trend, researchers say.
This figure is equal to 30% of the total of such losses worldwide, states the report. The research was carried out by UK cryptocurrency research company Elliptic on behalf of Asia Nikkei.
North Korea has stolen $721m from Japan since 2017
According to Elliptic’s findings, Japan is the worst hit by North Korea’s worldwide cryptocurrency raids, suffering $721m in thefts out of a global $2.3bn between 2017 and the end of 2022.
Vietnam was the next largest victim, having lost $540m, the US following with $497m and finally Hong Kong, which suffered losses to the Diplomatic Republic of North Korea (DPRK) of $281m.
North Korea is well known for using cybercrime to bolster its economy. A report released by the United Nations earlier this year asserted that hackers working for the government in Pyongyang stole more assets in 2022 than in any other year, all the while targeting the networks of foreign aerospace and defence companies.
“(North Korea) used increasingly sophisticated cyber techniques both to gain access to digital networks involved in cyber finance, and to steal information of potential value, including to its weapons programmes,” independent sanctions monitors reported to a UN Security Council committee.
The report follows finance ministers and central bank governors in Japan calling for leaders of the G7 group of nations to recognise the “growing threat from illicit activities by state actors,” in response to the rise in cybercrime. The G7 meets in Japan this week.
Japan needs to boost its cyber defences
To counter the threat of neighbouring countries targeting their cryptocurrency and valuable data, Japanese companies must tighten their cyber defences.
In the past week Japanese car manufacturer Toyota disclosed a data breach on its cloud platform, admitting that sensitive car location data of over two million customers has been publicly accessible for the past ten years.
The data breach, exposing 2,150,000 customers’ data was caused by a database misconfiguration
“It was discovered that part of the data that Toyota Motor Corporation entrusted to Toyota Connected Corporation to manage had been made public due to misconfiguration of the cloud environment,” reads a breach notice issued by the company.
“After the discovery of this matter, we have implemented measures to block access from the outside, but we are continuing to conduct investigations, including all cloud environments managed by TC. We apologise for causing great inconvenience and concern to our customers and related parties,” the notice continued.
Such mishaps must be guarded against if the country is to maintain its defences against North Korean state-sponsored hackers.
The ties are so deep between the two countries that this sort of targeting is inevitable, explained Mitch Haszard, threat intelligence analyst at Insikt Group:
“From a relationship standpoint, North Korea has a long history of interaction with Japan since the end of the Korean War, but there also remains considerable historical animosity between Japanese and Korean societies,” Haszard says.
This is exacerbated by Japan’s public allegiances with the US, “one of the DPRK’s primary adversaries,” making Japan a perennial target for North Korea, the analyst adds.
“Unlike most nation-state threat actors, North Korea has basically become a cybercriminal enterprise that occasionally does espionage,” Liska says. “Because North Korea is so isolated from the rest of the world in terms of both economic activity and geopolitics they need to raise funds to operate the country however they can and cryptocurrency theft is one of their main tools for doing so.”