February 22, 2022

Understanding the Strengths and Vulnerabilities of North Korean Hackers

By: Jason Bartlett

The international community often incorrectly correlates North Korea’s lack of access to modern computer hardware within its borders to inferior offensive cyber capabilities. As demonstrated in a new report released by the Center for a New American Security (CNAS), North Korea has rapidly expanded its illicit activity within the cyber domain under sustained economic pressure from decades of sanctions. As such, Pyongyang will likely continue to adapt its cybercrime operations to evade the full brunt of economic sanctions as innovation within the crypto space, such as cryptocurrency, continues to outpace current regulation of financial technology The report also outlined major flaws in North Korean cyber operations, as well as areas where the United States and its allies can expand coordination to counter North Korea-led cyber-enabled financial crime.

Pyongyang continues to defy miscalculated expectations regarding its cyber capabilities by successfully employing a series of sophisticated cyberattacks that target new and developing financial technology.

In partnership with data provided by leading blockchain analysis firm TRM Labs, CNAS provides in-depth analysis of Pyongyang’s demonstrated ability to exploit cryptocurrencies by investigating three separate case studies of North Korean hacks targeting cryptocurrency exchanges. Through analyzing these hacks, the report outlined key strengths and vulnerabilities in North Korea’s ability to steal, launder, and liquidate funds. A major takeaway from the study was that North Korean hackers demonstrated only moderate concern over eventual attribution of their crimes, meaning that the process of laundering stolen funds was not executed as seamlessly as the initial hack. This signals that Pyongyang is aware of the lack of legal retribution for its illicit cyber activities, thus preferring speed over total obfuscation. For example, only one North Korean national has ever been extradited to the United States to face money laundering charges, and this was an extraordinarily rare case. Additionally, North Korean hackers have demonstrated steady improvements in the complexity of their hacks and laundering operations, including the use of cryptocurrency mixers and over-the-counter brokers to hide the origin of the stolen crypto and the initial hack.

Read the full article from The Diplomat.

More from CNAS

  • Commentary
    • Sharper
    • November 20, 2024
    Sharper: Trump 2.0

    Donald Trump's return to the White House is widely expected to reshape America's global priorities. With personnel choices and policy agendas that mark a significant break fro...

    By Charles Horn & Gwendolyn Nowaczyk

  • Podcast
    • November 14, 2024
    Trump 2.0's Economic Security Agenda

    Emily and Geoff switch from obsessing over the election to obsessing over the transition. They dig into what a Trump 2.0 presidency will mean for tariffs, sanctions, export co...

    By Emily Kilcrease & Geoffrey Gertz

  • Commentary
    • The Washington Post
    • November 14, 2024
    Biden’s Gloves Can Finally Come Off to Help Trump End the Ukraine War

    The Biden administration’s reasons to treat Russian oil with kid gloves, in other words, no longer apply....

    By Edward Fishman

  • Podcast
    • November 13, 2024
    European Security and Defense under Trump 2.0 with Andrea Kendall-Taylor and Jim Townsend

    Max and Donatienne are joined by Andrea Kendall-Taylor and Jim Townsend, hosts of the Brussels Sprouts podcast at the Center for a New American Security, to discuss the implic...

    By Andrea Kendall-Taylor & Jim Townsend

View All Reports View All Articles & Multimedia