Why North Korea is the Greatest State-Sponsored Threat to the Financial Services Sector

North Korean hackers have become the most dangerous state-sponsored threat to the financial services sector. While other state-sponsored cyber adversaries to the United States and South Korea, such as Chinese and Russian actors, typically target government agencies and democratic institutions, Pyongyang continues to devote a large portion of its cyber resources towards exploiting the global financial market with a growing focus on cryptocurrency. Since the mid-80s, Pyongyang has steadily increased its offensive cyber capabilities through domestic innovation and support from foreign actors, which has increased its ability to conduct destructive and disruptive cyberattacks. While South Korean government agencies and researchers will likely remain major targets for North Korea, Pyongyang’s appetite for cybercrime has grown beyond the Korean Peninsula in recent years, with financially motivated cyber operations targeting entities and institutions around the world.

According to publicly available information written in both English and Korean language, Pyongyang has adapted its traditional modus operandi for cybercrime to focus heavily on exploiting vulnerabilities in financial institutions outside of the Korean Peninsula, such as foreign banks and cryptocurrency exchanges. This shift occurred around 2015 and continues today with a steady increase in intrusions against cryptocurrency exchanges, in particular. Official U.S. government statements support this claim as the U.S. Department of Justice has identifying North Korean hackers attempting to steal over $1.2 billion from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta, and various countries in Africa during this timeframe. A recent report by the Center for a New American Security outlined an expanding toolkit of cyber-enabled money laundering platforms, such as decentralized finance (DeFi) and other evolving financial technology, that highlight this shift in North Korean cybercrime. Pyongyang will likely continue to exploit these technologies to improve both their cybercrime capabilities and potential net gain profits from cyber heists.

In this environment of rapid innovation within the cryptocurrency and blockchain technology industry coupled with unyielding sanctions against Pyongyang, North Korean hackers have become the greatest state state-sponsored threat to the financial services sector. Despite its global status as a pariah state, Pyongyang is acutely aware of growing financial trends abroad and how best to exploit them to its benefit. For example, U.S. economic sanctions on North Korea significantly increased in 2016 following expansions in North Korea-specific sanctions regimes, the same year when Bitcoin gained mass popularity and other cryptocurrency coins, like Ethereum, started to gain momentum. Given the creativity needed for North Korea to successfully evade growing economic sanctions, Pyongyang’s decision to dive deep into cyber-enabled financial crime targeting cryptocurrency during this period was likely not just a coincidence.

Read the full article from The Sejong Institute.