Throughout 2022, hackers from North Korea were involved in several cryptocurrency thefts. These attacks were more damaging than in any previous year. The hackers also made the networks of multiple foreign aerospace and defense companies a primary target, and were responsible for extorting sums ranging from approximately $630 million to $1 billion. The exact figure varies due to fluctuating USD prices.
According to the report,
“(North Korea) used increasingly sophisticated cyber techniques both to gain access to digital networks involved in cyber finance, and to steal information of potential value, including to its weapons programmes,”
All of these activities were tracked by independent sanctions monitors. These monitors had previously accused North Korea of relying on cyber attacks to fund a large part of its nuclear and missile programs. The Hermit Kingdom, however, has denied all allegations of hacking or other cyber attacks.
Just before the UN report, the blockchain firm Chainalysis came to an identical conclusion. It revealed that hackers from the DPRK stole at least $1.7 billion worth of cryptocurrency throughout 2022. That sum makes 2022 the worst year on record for cryptocurrency hacks. Chainalysis further reported that funds stolen by North Korean hackers are mixed at a much higher rate than other stolen crypto funds.
How Did North Korea Continue with Extortion?
The independent monitors claimed that a large percentage of the cyber attacks were conducted by a number of hacking groups controlled primarily by the DPRK’s primary intelligence bureau, the Reconnaissance Intelligence Bureau. The groups were said to include teams such as Lazarus, Kimsuky, Andariel, and many more. These actors continued to target victims in order to generate revenue and solicit information of value to North Korea. The sanctions monitors claim that these groups deployed malware through a variety of methods, including phishing. One such campaign targeted employees of organizations in several countries.
Initial contact with these employees was made via LinkedIn, and once a sufficient level of trust was established, malicious payloads were delivered through WhatsApp. In addition, a North Korea-based group, H0lyGh0st, extorted ransoms from countries of different sizes. These attacks were carried out by actively distributing ransomware as part of a financially motivated campaign.
Previous UN reports and sanctions have indicated that North Korea is funding its illegal nuclear and weapons of mass destruction programs. This latest report supports those claims and might lead to further sanctions against the country.