SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
North Korea's illicit cryptocurrency theft fuels weapons program
Wed, 6th Dec 2023

A recent study by Recorded Future's Insikt Group reveals an escalating threat to the global cryptocurrency industry from North Korean cyber actors. Over the last five years, it is estimated that North Korea has illicitly amassed over $3 billion in cryptocurrency, half of which was stolen just in 2022.

The study suggests that the state-backed cyber-banditry has been channelling funds into the rogue nation's military and weapons programs. In fact, the theft may fuel as much as 50% of North Korea's ballistic missile program, causing global concern.

The clandestine cyber activities of North Korean threat actors are not just confined to audacious theft; they also encompass vast-scale money-laundering networks. These structures handle 'cleaning up' and utilising the stolen cryptocurrency, converting digital wealth into hard currency or procuring goods and services in support of the regime.

Despite North Korea's apparent global isolation, its elite and their computing specialists have regular and privileged access to emerging resources, technologies and information, enough to boost their cryptocurrency-focused cyberattacks.

The report presents a comprehensive analysis of the strategies North Korean threat actors use to stay undetected. Apart from targeting cryptocurrency exchanges, these cyber criminals have targeted individual users, venture capital firms and companies dealing with cryptocurrency. The report warns that any person or entity within the industry is at potential risk of running afoul of these cyber attackers.

Moreover, the stolen identities often serve to bypass anti-money-laundering (AML) and know-your-customer (KYC) verification, adding a layer of complexity to tracing these criminal activities. The large-scale plundering of cryptocurrency may be a significant revenue stream for the North Korean regime, in particular for funding its military and weapons programs. 

Without a pronounced and aggressive development in regulations, cybersecurity requirements, and investments in cybersecurity for cryptocurrency firms, the study says North Korea is expected to continue exploiting the cryptocurrency industry to bolster its regime. Recorded Future's Insikt Group says awareness of the potential danger posed by North Korean threat actors is crucial, not just for those operating in the cryptocurrency industry but also for entities in the traditional finance space.

The research also includes a number of mitigation strategies for individuals and companies within the cryptocurrency sphere. These include enabling Multi-Factor Authentication (MFA) for software wallets and transactions, verifying the legitimacy of requested transactions, using hardware wallets for added security, and resisting pressure tactics. These strategies aim to fortify cryptocurrency operators against such malicious cyber activities.

The report, 'Crypto Country: North Korea's Targeting of Cryptocurrency,' by Recorded Future's Insikt Group, offers alarming insights into a situation that threatens to impact the global economy and geopolitical stability. Recorded Future's Insikt Group warns that firms, governments and individual cryptocurrency holders would do well to pay heed to its implications.