A recent release from the Federal Bureau of Investigation, Department of Homeland Security, the Treasury Department, and the Department of State details the scope of the North Korean hacking threat for public consumption.
The advisory, released as a comprehensive resource on all things DPRK cyber, highlights the threats posed by malicious cyber activities and offers a few recommendations on how to mitigate this threat. Available online or in PDF, the advisory seeks to educate and inform the public about the significant threat posed by North Korean hackers to the “broader international community[… and] the integrity and stability of the international financial system.”
While condemning North Korean cyber activities, the advisory identifies how North Korea has increasingly relied on illegal means to generate revenue for its weapons of mass destruction and ballistic missiles development programs. In light of aggressive sanctions on North Korea, the need for alternative cash streams forced a capabilities evolution that has become the cornerstone of North Korean revenue generation. Never mind the malnourished and brainwashed North Korean common man — weapons programs and adherence to the absolute power of the absolutely infallible dear leader Kim Jong Un are paramount.
A review of the extensive and malicious cyber activities presented in the advisory impresses upon the reader the full extent to which North Korea seeks to conduct disruptive and destructive cyber activities. Such activities are capable of affecting U.S. critical infrastructure, financial institutions, and other organizations that fall victim to North Korea’s “harmful and irresponsible cyber activity.”
The shortlist of North Korea’s malicious cyber activities includes cyber-enabled financial theft and money laundering, extortion campaigns, cryptojacking, and others. In one allegation, for example, North Korean cybercriminals were able to hack into a digital currency exchange and steal almost $250 million in digital currency. The haul was then allegedly laundered by two Chinese nationals in an attempt to prevent asset tracing and the identification of the funds’ origins. Such acts exemplify the major financial gain to be had from malicious, illegal, and destabilizing cyber activities, and also provide some insight into North Korea’s ability to skirt sanctions and generate revenue through cybercrime.
Noting that North Korea’s malicious cyber activities directly fund the regime’s priorities, the advisory strongly urged “governments, industry, civil society, and individuals to take all relevant actions […] to protect themselves from and counter the DPRK cyber threat.” Its recommendations include the following:
- Raise awareness of the DPRK cyber threat;
- Exchange technical information;
- Implement cybersecurity best practices;
- Notify Law Enforcement of any activity;
- Strengthen Anti-Money Laundering (AML) / Countering the Financing of Terrorism (CFT) / Counter-Proliferation Financing (CPF) compliance.
While a majority of these recommendations are hard to implement at the individual level, readers are still able to educate themselves on malicious North Korean (and others’) activity and deepen their understanding of the tactics and techniques used by such cybercriminals to exploit their targets.
While much of this activity may seem distant, individuals who prioritize their own cybersecurity and possess a baseline understanding of common hacking techniques can at least present a harder target for criminal actors at all levels. Common digital hygiene practices, such as employing a Virtual Private Network, remaining wary of phishing attacks, and maintaining current software patches and system updates, are a few examples of individual-level actions that can have exponentially beneficial effects on one’s digital security.
Thanks for listening.