The U.S. government warned that North Korea’s digital activities, including cybertheft and extortion, threatens the “integrity and stability of the international finance system.”
Amid heavy sanctions, North Korea “has increasingly relied on illicit activities — including cybercrime — to generate revenue for its weapons of mass destruction and ballistic missile programs,” according to an advisory issued Wednesday.
While the U.S. has previously warned against North Korea’s hacking activities, the alert comes as adversaries seek to leverage the pandemic to fuel their malicious cyberactivities. The advisory was issued jointly by the State Department, the Treasury Department, the Federal Bureau of Investigation and the Department of Homeland Security.
Among the North Korean cybercrimes outlined by the U.S. were financial theft and money laundering as well as the illicit mining of cryptocurrency. The warning said that North Korea’s “cyber actors have also been paid to hack websites and extort targets for third-party clients,” a reference that surprised John Hultquist, senior director of intelligence analysis at the cybersecurity firm FireEye Inc.
“Though we knew that these operators were involved in freelancing and other commercial activity such as software development, we had no evidence that they were carrying out intrusions and attacks on behalf of anyone other than the North Korean regime,” Hultquist said in a statement. “It’s not uncommon for states to tap commercial or criminal talent which then carries on parallel criminal activity, but it is rare for us to find evidence of state actors carrying out criminal side operations with the government’s knowledge.”
In recent years, the U.S. has sought to call out North Korean hacking activity, including by sanctioning and charging its hackers. Wednesday’s alert — which urged financial organizations to enhance cybersecurity practices and called for information sharing among governments and the private sector — provided “more evidence that North Korea is heavily invested in their cyber capability and taking every opportunity to leverage and monetize it,” according to Hultquist.