Following revelations that North Korea amassed $2 billion in cryptocurrency for weapons programs, a new report discloses further details.
According to the United Nations, it is investigating a total of 35 North Korean cyberattacks in 17 countries. These reportedly follow one of three key attack vectors.
A North Korea In Cybercrime
After last week’s UN report summary, the full version reveals the extent and geographical distribution of North Korea’s cyberattacks.
According to the South China Morning Post, hackers targeted South Korea the most, with the UN investigating 10 attacks.India suffered three attacks, and Bangladesh and Chile were victims of two attacks each.
But individual attacks were reported across the globe, in Africa, Central and South America, the Middle East, South East Asia, and Europe.
The United Nations views these attacks as an attempt to skirt sanctions.
Three Ways To Skin A Sanction
According to the report, the increasingly sophisticated attacks are ‘low risk but high yield’, often requiring not much more than a laptop and internet connection.
There were three main methods in which the North Korean hackers operated: attacks through the Society of Worldwide Interbank Financial Telecommunication (SWIFT) system, cryptocurrency thefts from exchanges and users, and “mining of cryptocurrency as a source of funds for a professional branch of the military.”
A Step By Step Guide
SWIFT attacks were generally carried out “with bank employee computers and infrastructure accessed to send fraudulent messages and destroy evidence.” In Chile, hackers used LinkedIn to ‘headhunt’ an employee of the Chilean interbank network connecting all of the countries ATMs.
Cryptocurrency exchanges were repeatedly attacked, with at least four hits on South Korea’s Bithumb. Stolen funds following a 2018 attack “were transferred through at least 5,000 separate transactions and further routed to multiple countries before eventual conversion.”
As well as ‘quasi-legitimate’ mining operations, the report investigated ‘crypto-jacking‘, whereby North Korean hackers infect computers with malware. The computers resources are then directed to mine cryptocurrency for the benefit of the attacker. In one instance, malware mining Monero was sending the proceeds to servers at Kim Il-Sung university in Pyong Yang.