North Korean hackers stole virtual assets
UNITED NATIONS (AP) – North Korean hackers working for the government stole record-breaking virtual assets estimated to be worth between $630 million and more than $1 billion last year, UN experts said in a new report.
The panel of experts said in the comprehensive report provided to The Associated Press on Tuesday that the hackers used increasingly sophisticated techniques to gain access to digital networks involved in cyberfinance and to steal information that could be useful to North Korea’s nuclear and ballistic missile programs from governments, individuals and corporations.
Amid rising tensions on the Korean Peninsula, the report said, North Korea continues to violate UN sanctions, produces weapons-grade nuclear material and upgrades its ballistic missile program, which “continues to accelerate dramatically.”
In 2022, the DPRK — the North’s official name — launched at least 73 ballistic missiles and missiles combining ballistic and guidance technologies, including eight intercontinental ballistic missiles, the panel said. In the last four months of the year, 42 launches were conducted, including the testing of a supposedly new type of ICBM and a new solid-fuel ICBM engine.
North Korea’s leader Kim Jong Un in January ordered an “exponential increase in the country’s nuclear arsenal,” and the panel said “a new law discusses an increased focus on tactical nuclear capabilities, a new first-use doctrine and the ‘irreversible nature’ of the DPRK’s nuclear status.”
“The ability to conduct an unexpected nuclear strike on any regional or international target, outlined in the DPRK’s new Nuclear Doctrine Law and gradually in public statements since 2021, is consistent with the observed production, testing and deployment of its tactical and strategic implementation systems,” according to the experts in the report to the UN Security Council.
The panel said South Korean authorities, quoted in media reports, “have estimated that DPRK state-sponsored cyber threat actors have stolen around $1.2 billion worth of virtual assets worldwide since 2017, including approximately $630 million in 2022 alone.”
The experts overseeing sanctions against North Korea said an unnamed cybersecurity firm “estimated that DPRK cybercrime generated over $1 billion worth of cybercurrencies in 2022 at the time of the theft, more than double the total revenue in 2021.”
Fluctuations in the US dollar value of cryptocurrency in recent months may have affected these estimates, according to the panel, “but both show that 2022 was a record year for virtual asset theft in the DPRK.”
The panel said three groups that are part of the Reconnaissance General Bureau, North Korea’s main foreign intelligence agency, Kimsuky, Lazarus Group and Andariel, “continue to illegally target victims to generate revenue and solicit information of value to the DPRK, including its weapons programs.”
Between February and July 2022, the panel said, the Lazarus Group “reportedly targeted utilities in several member states by exploiting a vulnerability” to install malware and gain long-term access. It said this is “consistent with historic Lazarus invaders targeting critical infrastructure and energy companies… to siphon off proprietary intellectual property.”
The main focus of the Lazarus Group is on specific types of industry, aerospace and defense, as well as conventional finance and cryptocurrencies, with the goal of accessing the internal knowledge bases of the compromised companies, the experts said. They quoted the cybersecurity department of an internet technology company as saying that Lazarus was targeting engineers and technical support staff “who use malicious versions of open-source applications.”
In December 2022, according to the panel, South Korea’s National Police Agency announced that Kimsuky had targeted 892 foreign policy experts “to steal personal information and email lists.”
Police reported that the hackers failed to steal sensitive information, but they “washed victims’ IP addresses and deployed 326 redirect servers in 26 member states to make tracing more difficult,” the experts said. Noting that it was the first time they had spotted Kimsuky running ransomware, police said 19 servers and 13 companies were affected, two of which paid 2.5 million South Korean won ($1,980) in bitcoin to the hackers.
Turning to military issues, the experts said they investigated the “apparent export” of military communications equipment by a North Korean company under UN sanctions to the Ethiopian Defense Ministry in June 2022.
The panel said it has yet to receive a response from the Ethiopian government about a photo released by Ethiopian media in November that allegedly shows a Global Communications Co. device, known as a Glocom, being used by a senior military official. Eritrea has also not responded to questions about its alleged procurement of Glocom equipment, the experts said.
North Korea may also have illegally traded weapons and related materials with a number of countries, including shipping artillery shells, infantry missiles and rockets to Russia – allegations Pyongyang and Moscow have consistently denied, the panel said. And the experts said they are investigating the reported sale by a Myanmar company of arms from a North Korean company on the UN sanctions list to the Myanmar military.