One cyberattack involved 14,000 simultaneous ATM withdrawals taking place in 28 countries.
North Korean hackers have stolen an estimated £434 million from cryptocurrency exchanges in one year alone, according to United Nations report.
The report commissioned by the United Nations Security Council (UNSC) found that between January 2017 and September 2018 the Democratic People’s Republic of Korea (DPRK) conducted five successful attacks against cryptocurrency exchanges, stealing over half a billion dollars.
The eight-strong panel state their belief that these actions by North Korea are part of a strategy to mitigate sanctions imposed on the country.
They said that North Korea is using cyberattacks to illegally force the transfer of money from financial institutions to supplement its economy and is using the internet as a “asymmetric means to carry out illicit and undercover operations in the field of cybercrime and sanctions evasion. These operations aim to acquire funds through a variety of measures in order to circumvent the sanctions.”
One UN member state wrote into the panel in 2018 to express their concern and belief that cyber-focused military units were operating out of North Korea and that these units are: “Directly tasked to generate income for the regime”
The 378-page report, which examples sanctions evasion by the DPRK and which highlights ongoing export by the country of wood, electrical equipment and other commodities, quotes a South Korean government statement that claims: “North Korea is going beyond attacking basic infrastructure and is now trying to steal national wealth through the criminal acquisition of foreign currency.”
North Korean Cyberattacks Hit Organisation Across the World
The cybersecurity community has fixed an array of names to the state-sponsored hacker groups operating out of North Korea such as Lazarus Group, ZINC, Guardians of Peace and HIDDEN COBRA; all of which have been linked to attacks on banking institution in Asia, the Americas and Europe.
One attack in August 2018 saw $13.5 million withdrawn from the Indian financial institutions Cosmos Bank. The cyberattack involved 14,000 simultaneous ATM withdrawals taking place in 28 countries.
This attack in particular has been highlighted by the International Criminal Police Organization (INTERPOL) as an indication of the level of sophistication that theses hackers have: “Not only were the actors able to compromise the SWIFT network in the Cosmos case to transfer the funds to other accounts, but they simultaneously compromised internal bank processes to bypass transaction verification procedures and order worldwide transfers to almost 30 countries where funds were physically withdrawn by individuals in more than 10,000 separate transactions over a weekend.”
The panel has recommended to the UN Security Council that countries not only need to improve their cyber defences capabilities, but the Council needs to take into account these extra revenue stream North Korea has in place when they are drafting future financial sanction measures.