A recent report by Recorded Future’s Insikt Group finds that North Korean hackers have stolen $3 billion in cryptocurrency since 2017. The activity reflects the regime’s sustained involvement in the cryptocurrency sector: it moved from targeting financial institutions via the SWIFT network to a more expansive strategy during the cryptocurrency boom of 2017.

The Cryptocurrency Boom and Global Expansion

Initially centred on South Korea, North Korean cyber attacks soon expanded globally as the market flourished. In 2022 alone, these threat actors were accused of stealing $1.7 billion, an amount equal to 5% of the country’s recorded economy or 45% of its military budget.

The funds acquired through these illicit means undergo conventional laundering processes employed by cybercriminal groups. This revenue is crucial for the regime, providing a lifeline for sustaining financial resources despite international sanctions. The laundering techniques employed by North Korean threat actors include the use of stolen identities and manipulated photos, strategically eluding anti-money laundering measures.

Backed by the state, North Korean threat actors run operations that mirror those of other cybercriminal groups but on a grander scale, accounting for 44% of the cryptocurrency stolen in 2022. Their targets extend beyond cryptocurrency exchanges to include individual users, venture capital firms, and alternative technologies.

Cryptocurrency Funding Military Programs

Recorded Future’s research emphasizes that the regime views crypto theft as a significant revenue source, primarily funding military and weapons programs. Although the exact allocation for ballistic missile launches remains uncertain, a noticeable correlation exists between the increase in stolen cryptocurrency and the rise in missile launches.

The report underscores the imperative need for stronger regulations, enhanced cybersecurity measures, and increased investments in the cybersecurity of crypto firms. Without these measures, North Korea is likely to persist in targeting the industry for additional revenue. Despite restrictions on movement and the isolation of the general population, the regime’s elite and highly trained computer science professionals continue to play a crucial role in conducting cyber-attacks against the cryptocurrency industry.

Conclusion

The saga of North Korean hackers pilfering billions in cryptocurrency unveils a complex web of illicit activities with far-reaching consequences. As the global community grapples with the evolving landscape of cyber threats, strengthening regulations and bolstering cyber security measures emerge as crucial steps to thwart North Korea’s persistent attempts to exploit the cryptocurrency industry for financial gain.
