Record-breaking 2022 for North Korea crypto theft: UN report


North Korea has previously denied allegations of hacking or other cyber attacks.


PHOTO: PEXELS


North Korea stole more cryptocurrency assets in 2022 than in any other year and targeted the networks of foreign aerospace and defence companies, according to a currently confidential United Nations report seen by Reuters on Monday.

“(North Korea) used increasingly sophisticated cyber techniques both to gain access to digital networks involved in cyber finance, and to steal information of potential value, including to its weapons programmes,” independent sanctions monitors reported to a UN Security Council committee.

The monitors have previously accused North Korea of using cyber attacks to help fund its nuclear and missile programmes.

“A higher value of cryptocurrency assets was stolen by DPRK actors in 2022 than in any previous year,” the monitors wrote in their report, referring to the country by its official name, Democratic People’s Republic of Korea. The report, which was submitted to the 15-member council’s North Korea sanctions committee on Friday, cited information from UN states and cyber-security companies.

North Korea has previously denied allegations of hacking or other cyber attacks.

The sanctions monitors said South Korea estimated that North Korean-linked hackers stole virtual assets worth US$630 million (S$835 million) in 2022, while a cyber-security company assessed that North Korean cybercrime yielded cyber currencies worth more than US$1 billion.

“The variation in the US dollar value of cryptocurrency in recent months is likely to have affected these estimates, but both show that 2022 was a record-breaking year for DPRK virtual asset theft,” the UN report said.

A United States-based blockchain analytics company reached the same conclusion last week.

The UN report noted: “The techniques used by cyber-threat actors have become more sophisticated, thus making tracking stolen funds more difficult.”

The report is due to be released publicly later in February or early March, diplomats said.

The monitors said most cyber attacks were carried out by groups controlled by North Korea’s primary intelligence bureau – the Reconnaissance General Bureau. It said those groups included hacking teams tracked by the cyber-security industry under the names Kimsuky, Lazarus Group and Andariel.

“These actors continued illicitly to target victims to generate revenue and solicit information of value to the DPRK, including its weapons programmes,” the UN report said.

The sanctions monitors said the groups deployed malware through various methods, including phishing. One such campaign targeted employees in organisations across various countries.

“Initial contacts with individuals were made via LinkedIn, and once a level of trust with the targets was established, malicious payloads were delivered through continued communications over WhatsApp,” the UN report said.

It also said that, according to a cyber-security company, a North Korean-linked group known as HolyGhost had “extorted ransoms from small and medium-sized companies in several countries by distributing ransomware in a widespread, financially motivated campaign”.

In 2019, the sanctions monitors reported that the North had generated an estimated US$2 billion over several years for its weapons of mass destruction programmes using widespread and increasingly sophisticated cyber attacks.

In their latest annual report, the monitors said Pyongyang continued producing nuclear fissile materials at its facilities and launched at least 73 ballistic missiles, including eight intercontinental ballistic missiles in 2022.

The US has long been warning that North Korea is ready to carry out a seventh nuclear test.

Last May, China and Russia vetoed a US-led push to impose more UN sanctions on North Korea. This included a proposed asset freeze on the Lazarus hacking group.

Lazarus has been accused of involvement in the WannaCry ransomware attacks, hacking of international banks and customer accounts, and the 2014 cyber attacks on Sony Pictures Entertainment.

The US said in April 2022 that it had linked North Korean hackers to the theft of hundreds of millions of dollars’ worth of cryptocurrency tied to the popular online game Axie Infinity.

Ronin, a blockchain network that lets users transfer crypto in and out of the game, said digital cash worth almost US$615 million was stolen in March 2022.

REUTERS
