November 09, 2022
U.S.-ROK Strategy for Enhancing Cooperation on Combating and Deterring Cyber-Enabled Financial Crime
Executive Summary
The May 2022 U.S.-ROK Summit between President Joe Biden and President Yoon Suk-yeol revitalized previous bilateral commitments to establish a joint cyber working group to address the growing issue of cyber-enabled financial crime with specific emphasis on cryptocurrency, blockchain technology, and illicit North Korean cyber activity.[1] This report provides specific policy recommendations for Washington and Seoul to incorporate within the cyber working group to enhance cooperation on combating and deterring cyber-enabled financial crime, especially from state-sponsored actors.
North Korea has become the greatest state-sponsored threat to the global financial services sector. From 2021 to June 2022 alone, North Korean cyber operatives and their facilitators stole more than $1 billion (in U.S. currency, as throughout this report unless otherwise indicated) in digital assets through hacking cryptocurrency exchanges and laundering the stolen funds using various financial technologies and obfuscation techniques, including cryptocurrency mixers and foreign over-the-counter brokers.[2]
Pyongyang will likely maintain this position as long as the potential gains of cyber operations against financial services are greater than the potential risks and resources needed to conduct these operations. Washington and Seoul must work together to change this reality.
This report compiles the findings of a year-long research project to generate actionable policy recommendations for Washington and Seoul to incorporate within their joint cyber working group to strengthen joint deterrence against state-sponsored cyber-enabled financial crime that continues to target both U.S. and South Korean social, financial, and cyber infrastructure. Based on intensive field research and interviews with U.S. and ROK stakeholders, this report outlines current challenges to enhancing U.S.-ROK cyber coordination, details the evolution of North Korea’s cyber program and modern-day threats, provides policy recommendations for the joint cyber working group, and includes an appendix with all relevant U.S. and ROK agencies that can contribute valuable expertise to the group.
Main Takeaways
- North Korea began developing a cyber program in the mid-1980s that was supported by both domestic innovation and foreign assistance.
- Starting in the late 2000s, Pyongyang launched offensive cyber operations against South Korean government agencies, businesses, research organizations, traditional financial institutions, North Korean defectors who had resettled, and ordinary South Korean citizens for mostly politically motivated reasons.
- North Korean cybercrime significantly evolved between 2015 and 2016, with a rapid increase in cyber operations targeting both traditional and non-traditional financial institutions and technology such as cryptocurrency, blockchain, and later, decentralized finance platforms.
- Washington and Seoul possess different, but complementary, expertise and capabilities related to curbing cyber-enabled financial crime that should be considered within the joint U.S.-ROK cyber working group revitalized during the May 2022 U.S.-ROK Summit.
- Key bureaucratic and logistical differences exist between Washington and Seoul regarding how they perceive and respond to North Korea–related threats that have prevented enhanced cooperation, including:
  - Political oscillation in Seoul pertaining to North Korean policy;
  - Discrepancies in U.S. and ROK government perception and resource allocation toward certain state-sponsored cyber threats;
  - Difficulties in properly identifying U.S.-ROK government agency counterparts.
Summary of Recommendations
The following policy recommendations seek to offer guidance to the joint U.S.-ROK cyber working group to enhance bilateral cooperation on combating and deterring cyber-enabled financial crime, with specific emphasis on state-sponsored cybercrime from actors such as North Korea. Washington and Seoul should:
- Establish a research agenda for the U.S.-ROK cyber working group to identify exploitable vulnerabilities in state-sponsored cybercrime strategy, with an initial focus on North Korea.
- Identify specific representatives from relevant U.S. and ROK government agencies to participate in the joint cyber working group. This will improve routine information sharing and joint investigations.
- Consider the joint cyber working group as a U.S.-ROK partnership to protect against any state-sponsored cyber-enabled financial crime operations.
- Issue a joint advisory guidance document on potential cybersecurity and financial risks related to social engineering hacks. This will build trust and rapport with the private sector while attempting to stymie cyber-enabled financial crime tactics.
- Organize an external advisory team of leading U.S. and ROK nongovernment researchers and private sector analysts who work on issues pertaining to the agenda of the joint working group and can offer outside assistance and advice.
Introduction
The United States and South Korean governments have developed significantly different approaches to address state-sponsored cyber-enabled financial crime with specific regard to North Korea. Actors such as North Korea have rapidly adopted cryptocurrency and related financial technology as an increasingly preferred tool to facilitate cyber-enabled financial crime, and this development has highlighted the need for enhanced cooperation between Washington and Seoul. Given Pyongyang’s national priority to evade economic sanctions and expand its nuclear weapons arsenal, this massive influx of currency into North Korea raises significant security concerns for both the United States and South Korea.
While a rapidly growing amount of illicit North Korean cyber activity targets the financial sector, other cybercrime state sponsors, including China and Russia, present different cybersecurity risks to the United States and South Korea, as they often target government agencies and infrastructure for information espionage, technology theft, and system shutdowns. Although the current focus of the U.S.–Republic of Korea (ROK) joint cyber working group is on North Korea–sponsored cyber-enabled financial crime efforts, Washington and Seoul should consider future research that includes cyber threats from other state-sponsored actors.
1. “United States–Republic of Korea Leaders’ Joint Statement,” The White House, press release, May 21, 2022, https://www.whitehouse.gov/briefing-room/statements-releases/2022/05/21/united-states-republic-of-korea-leaders-joint-statement/; “U.S.-ROK Leaders’ Joint Statement,” The White House, press release, May 21, 2021, https://www.whitehouse.gov/briefing-room/statements-releases/2021/05/21/u-s-rok-leaders-joint-statement/.
2. Jason Bartlett, “Why North Korea Is the Greatest State-Sponsored Threat to the Financial Services Sector,” Korea on Point by the Sejong Institute, June 27, 2022, https://koreaonpoint.org/view.php?topic_idx=30&idx=95; Olga Kharif, Sidhartha Shukla, and Bloomberg, “Hackers Just Stole $100 Million in Crypto from Harmony’s Horizon Bridge,” Fortune, June 24, 2022, https://fortune.com/2022/06/24/hackers-steal-100-million-in-crypto-from-harmony-horizon-bridge-ethereum-binance/.