View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

US Agency in Fresh North Korean Hacker Warning

State Department offers $5 million reward

By CBR Staff Writer

The US Department of State and Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning about North Korea (DPRK)’s cyber capabilities and ongoing campaigns to attack financial and research institutions across the world.

Urging international expulsion of “foreign-located North Korean information technology (IT) workers” CISA said the US State Department is making rewards of up to $5 million available for information on “illicit DPRK activities in cyberspace, including past or ongoing operations.”

(North Korean hacker crews are widely reported to operate in south east Asia, rendering attribution challenging).

In an April 15 advisory alert, the US says it believes North Korea has: “Demonstrated a pattern of disruptive and harmful cyber activity that is wholly inconsistent with the growing international consensus on what constitutes responsible state behaviour in cyberspace.”

It was not immediately clear what prompted the renewed focus on North Korean operations, versus other known state actors with aggressive cyberspace activities spanning espionage and cyber crime.

Read this: Russian Malware Kingpin Named as Head of “Evil Corp” by NCA, FBI

North Korean state-sponsored cyber teams consist of hackers, software developers and cryptologists, CISA said, pointing to a range of well-know cyber-based financial theft incidents, through which the CISA estimates more than $2 billion has been stolen as of late 2019.

One of the thefts involved siphoning funds from the Bangladesh Bank by conducting unauthorised transactions on the Society for Worldwide Interbank Financial Telecommunication (SWIFT) network.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

The hackers are said to have gained access to this network via a successful spear phishing campaign of bank employees.

Another campaign known as FASTCash has been in operation since 2016 and CISA notes that: “In one incident in 2017, DPRK cyber actors enabled the withdrawal of cash simultaneously from ATMs located in more than 30 different countries. In another incident in 2018, DPRK cyber actors enabled cash to be simultaneously withdrawn from ATMs in 23 different countries.”

North Korea Cybercrime and Sanctions

North Korea is subject to numerous sanctions limiting imports and exports. These have a significant impact on the country’s economy and ability to produce capital. It is widely believed that the cybercriminal activates being undertaken are designed to mitigate the impact of these restrictions.

A 2019 United Nations report stated North Korea is using cyberattacks to illegally force the transfer of money from financial institutions to supplement its economy and is using the internet as an: “Asymmetric means to carry out illicit and undercover operations in the field of cybercrime and sanctions evasion. These operations aim to acquire funds through a variety of measures in order to circumvent the sanctions.”

See Also: Cloudflare Admits Outage Came After Technician Unplugged Cables

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.