
March 3, 2021


NORTH KOREA: Pyongyang could expand cyber attacks as economic crisis continues

BY Victor Cha, Tobias Harris


The US Department of Justice (DOJ) announced in February that it was indicting three members of North Korea’s Reconnaissance General Bureau (RGB), a clandestine agency that manages cyber warfare activities, for attempts to steal more than USD 1.3bn in cash and cryptocurrency from banks and companies around the world. The indictments highlight the extent to which North Korea’s cyber warfare activities have become primarily a means of theft rather than a vehicle to hack infrastructure or terrorize North Korea’s enemies. Therefore, in light of North Korea’s economic struggles since the Covid-19 pandemic began, it is likely that North Korea’s cybertheft could intensify as the regime looks for new sources of hard currency to replenish its coffers.

The DOJ’s indictment builds upon the 2018 indictment of RGB member Park Jin Hyok, which was mainly focused on the 2014 hack of Sony Pictures Entertainment in retaliation for the film The Interview. The new indictment provides an expansive look at North Korea’s cyber activities. The most lucrative activities documented in the indictment were hacks directed at banks in Asia, Africa, and North America, including Bangladesh’s central bank; the unit allegedly hacked financial institutions’ networks to initiate fraudulent wire transfers to North Korean accounts. These hacks yielded more than USD 1bn for Pyongyang. Other activities included ransomware attacks, which involve taking over a target’s computer and threatening to release confidential information unless the victim pays a ransom; the dissemination of cryptocurrency malware; hacks aimed at cryptocurrency companies worldwide, resulting in the theft of more than USD 100mn; and spear-phishing campaigns aimed at US defense contractors, technology companies, US government departments, and other priority targets. The indictment also describes an “ATM cash-out” operation, in which the hackers would hack a financial institution and use this access to enable fraudulent ATM transactions. Overall, the new indictment suggests that North Korea has increasingly sophisticated cyber tools for gaining hard currency through illicit means.

In light of North Korea’s economic crisis – which most recently has led to electricity shortages and a new emphasis by North Korean leader Kim Jong Un on state control of the economy in pursuit of “self-reliance” and “self-sufficiency” – the regime is likely to step up its use of cyber warfare. While North Korea may target public and private entities in the US and South Korea in particular, the DOJ’s indictment suggests that North Korea’s hackers may ultimately be opportunistic, focused more on finding vulnerable targets that yield greater returns for the regime than politically “appropriate” targets. Of course, North Korea’s cyber warfare may not be limited to theft. South Korea’s National Intelligence Service (NIS) has claimed that North Korean hackers have launched spear-phishing attacks aimed at Pfizer, AstraZeneca, and other pharmaceutical companies working on a Covid-19 vaccine.
