UN probing 30 North Korean cyber attacks in 17 countries

A confidential UN report revealed that South Korea was the victim of 10 North Korean cyberattacks, followed by India with three attacks, and Bangladesh and Chile with two each.
A confidential UN report revealed that South Korea was the victim of 10 North Korean cyberattacks, followed by India with three attacks, and Bangladesh and Chile with two each.PHOTO: REUTERS

Report says hackers seek to raise money for weapons of mass destruction programmes

UNITED NATIONS • UN experts say they are investigating at least 30 instances in 17 countries of North Koreans using cyber attacks to raise money for weapons of mass destruction programmes - and they are also calling for sanctions against ships providing petrol and diesel to the isolated country.

Last week, The Associated Press (AP) quoted a summary of a report from the experts which said North Korea illegally acquired as much as US$2 billion (S$2.77 billion) from its increasingly sophisticated cyber activities against financial institutions and cryptocurrency exchanges.

The lengthier version of the report, recently seen by AP, reveals that neighbouring South Korea was hardest hit, the victim of 10 North Korean cyber attacks, followed by India (three) and Bangladesh and Chile (two each). Thirteen countries suffered one attack - Costa Rica, Gambia, Guatemala, Kuwait, Liberia, Malaysia, Malta, Nigeria, Poland, Slovenia, South Africa, Tunisia and Vietnam, it said.

The experts said they are investigating the reported attacks as attempted violations of United Nations sanctions, which the panel monitors.

The report cites three main ways that North Korean hackers operate:

• Attacks through the Society for Worldwide Interbank Financial Telecommunication or Swift system used to transfer money between banks, "with bank employee computers and infrastructure accessed to send fraudulent messages and destroy evidence".

• Theft of cryptocurrency "through attacks on both exchanges and users".

•And "mining of cryptocurrency as a source of funds for a professional branch of the military".

The experts stressed that implementing these increasingly sophisticated attacks "is low risk and high yield", often requiring just a laptop computer and access to the Internet.

The report to the UN Security Council provides details on some of the North Korean cyber attacks as well as the country's successful efforts to evade sanctions on coal exports in addition to imports of refined petroleum products and luxury items including Mercedes-Benz S-600 cars.


One Mercedes Maybach S-Class limousine and other S-600s, as well as a Toyota Land Cruiser, were transferred from North Korea to Vietnam for last February's summit between North Korean leader Kim Jong Un and US President Donald Trump, the experts said, adding that Vietnam said it asked for but was never provided with a list of vehicles being brought into the country.

The panel also said it obtained information that the Taesong Department Store in Pyongyang, which reopened in April and is selling luxury goods, is part of the Taesong Group that includes two entities under UN sanctions and was previously linked to procurement for North Korea's ballistic missile programmes.

The panel recommended sanctions against six North Korean vessels for evading sanctions and illegally carrying out ship-to-ship transfers of refined petroleum products. Under UN sanctions, North Korea is limited to importing 500,000 barrels of such products annually including petrol and diesel. The United States and 25 other countries said North Korea exceeded the limit in the first four months of this year.

The panel also recommended sanctions against the captain, owner and parent company of the North Korean-flagged Wise Honest, which was detained by Indonesia in April last year with an illegal shipment of coal.

The experts said North Korean cyber actors have been targeting cryptocurrency exchanges in South Korea, some repeatedly.

The panel said South Korea's Bithumb, one of the largest cryptocurrency exchanges in the world, was reportedly attacked at least four times. It said the first two attacks in February 2017 and July 2017 each resulted in losses of approximately US$7 million, while a June 2018 hacking led to a US$31 million loss and a March 2019 attack resulted in a US$20 million loss.

The panel said it also investigated instances of "cryptojacking" in which malware is used to infect a computer to illicitly use its resources to generate cryptocurrency.

It said one report analysed a piece of malware designed to mine the cryptocurrency Monero "and send any mined currency to servers located at Kim Il Sung University in Pyongyang".

A version of this article appeared in the print edition of The Straits Times on August 14, 2019, with the headline 'UN probing 30 N. Korean cyber attacks in 17 countries'. Print Edition | Subscribe