north korea - Pwim.Net

UN Investigates North Korea on Cyberattacks Funding WMD

The U.N. experts are currently investigating 35 cases in 17 countries where North Koreas were using cyberattacks to raise money for the military objective.

They are calling for sanctions against ships that are providing gasoline and diesel to the country as a precaution for the money raised to be used for weapons of mass destruction (WMD) programs.

Reported last week, experts said North Korea “used cyberspace to launch increasingly sophisticated attacks to steal funds from financial institutions and cryptocurrency exchanges to generate income.”

The experts also mentioned that the U.N. is investigating “at least 35 reported instances of DPRK (Democratic People’s Republic of Korea) actors attacking financial institutions, cryptocurrency exchanges, and mining activity to earn foreign currency.”

The U.N. experts noted that the attacks targeting cryptocurrency exchanges allowed it “to generate income in ways that are harder to trace and subject to less government oversight and regulation than the traditional banking sector.”

A U.S. State Department spokeswoman said: “We call upon all responsible states to take action to counter North Korea’s ability to conduct malicious cyber activity, which generates revenue that supports its unlawful weapons of mass destruction and ballistic missile programs.”

The reported attacks being investigated were attempted violations of U.N. Sanctions. South Korea took the hardest hit, with 10 North Korean cyberattacks. Other countries that were attacked were India, Bangladesh, Chile, Costa Rica, Gambia, Guatemala, Kuwait, Liberia, Malaysia, Malta, Nigeria, Poland, Slovenia, South Africa, Tunisia, and Vietnam.

Images via Shutterstock

North Korea Is Developing Own Crypto to Circumvent US Sanctions

North Korea has always been suspected for either indirectly or directly funding weapons or involve in some powerful projects of mass destruction using virtual currencies. The nation was recently accused of stealing cryptocurrencies worth $2 billion to facilitate the development of deadly weapons.

Japanese and South Korean exchanges were mainly targeted for the theft, and hackers utilized phishing to hack into user accounts.

Furthermore, the secretive nation has repeatedly turned to virtual currencies to raise cash through illegal means. The list seems endless.

However, the Korea Central News Agency (KCNA) – a Kim Jong-un’s official state media – denied all allegations of such massive theft.

Development phase

North Korea says that it is in the early stages of establishing its own cryptocurrencies as a way of bypassing US sanctions and outmaneuvering the US-dominated global economic system. The proposed virtual currency hasn’t been given a name, but probably it will be “more like bitcoin or other digital currencies” mentioned Alejandro Cao de Benos, a special representative of North Korea’s foreign ministry. He also said:

“We are still in the early stage in the development of the token. We are now in the phase of studying the goods which will give value to it.”

But, the North Korean Embassy in New York neither denied nor confirmed de Benos’ claim. The embassy’s spokesperson only stated they are “not able to give an answer” and eventually hung up.

In pursuit of the dream

Blockchain.News learned that North Korea organized an initial cryptocurrency and blockchain conference event in April, with de Benos revealing that the nation now feels prepared to dip its hands into the waters of the crypto market with an offering of its own.

Close watchers of the country’s use of cryptocurrencies already have reported that the regime has huge expertise to deploy and develop its digital currency and blockchain which would assist the North Koreans in avoiding sanctions. The nation, over the few past years, has shown extensive interest in virtual currencies, along with areas of cryptojacking, hacking exchanges, mining, and many more.

The complexity of the project

While cryptocurrency provides some anonymity, it has become easier for governments and law enforcement to track virtual currency payments across the globe. By developing its own digital currency, Kim Jon Un would be able to have access to it and control how it functions – the same way nations like Iran, Venezuela, and Russia have explored similar projects.

However, while experts believe Kim Jong-un has the capacity to build its own cryptocurrencies, they are far from convinced that the project will be remotely successful. Perhaps it could just turn out to be like another Venezuela’s failed Petro coin that experts saw as propaganda exercise instead of a genuine effort to develop a new monetary system.

Venezuela, which is currently facing heavy US sanctions, attempted creating its own state-sponsored cryptocurrencies with terrible results and consequently leading to a US ban by the Trump administration.

Many sanctions on North Korea imply that any cryptocurrency it builds would certainly be illegal to sell or buy in much of the world.

US use of sanctions is reliant on the role of the dollar in the international financial system. Moreover, US sanctions have crucial secondary impacts since non-US banks cannot risk losing access to dollar transactions by conducting business with sanctioned entities or persons.

Image via Shutterstock

US Intelligence Reveals Extent of North Korea’s “Hidden Cobra” Crypto-Dependent Cyber Crimes

In an effort to combat North Korea’s rampant crypto-dependent and money generating cyber crime campaign, the United States government published a list outlining the sanctioned state’s attacks dating back to 2017—as well as guidance on countermeasures.

The new warning released on April 15 by the US Treasury, Homeland Security, and the FBI advocated that it was imperative to stop North Korea’s illicit cyber activities and subsequent money stream to obstruct the authoritarian regime’s plan to develop weapons of mass destruction.

Per the release, “ The DPRK’s malicious cyber activities threaten the United States and the broader international community and, in particular, pose a significant threat to the integrity and stability of the international financial system. Under the pressure of robust U.S. and UN sanctions, the DPRK has increasingly relied on illicit activities – including cybercrime – to generate revenue for its weapons of mass destruction and ballistic missile programs.”

The countermeasures guidance includes the implementation of a tough anti-money-laundering framework for digital currencies and the expulsion of North Korean IT workers, as well as stern advice to follow best cyber practices, and communicate with law enforcement.

Hidden Cobra

The US government is calling the North Korean cyber crime campaign by the code name “Hidden Cobra” and believes the campaign began as far back as May 2017 with the WannaCry and Malware attacks which infiltrated hundreds of thousands of computers, holding data hostage until a ransom in Bitcoin was paid. These hacks have been attributed to the DPRK by governments around the world, not only the United States.

The US agencies cite evidence that Hidden Cobra’s attackers have grown more sophisticated and diverse in their cyber campaigns with the majority of their plots highly dependent on stealing digital currency.

As stated by the US agencies, “The DPRK also uses cyber capabilities to steal from financial institutions and has demonstrated a pattern of disruptive and harmful cyber activity that is wholly inconsistent,”—with expectations of international cyber conduct.

North Korea has rebutted the allegations of stealing almost $2 billion dollars in fiat and crypto, by calling the accusations “a sort of a nasty game.”

The Case of Virgil Griffiths

US officials have adopted a zero-tolerance policy towards anyone even appearing to assist the North Korean crypto operations.

Virgil Griffith, the Ethereum research scientist was arrested in Los Angeles last December and charged for allegedly aiding in the circumvention of US Sanctions that have been placed on the Democratic People’s Republic of North Korea.

According to the official complaint, Griffith had explicitly asked and been denied permission to travel to North Korea in order to give the presentation on blockchain technology. Specifically, the charges cited that Griffith had been aiding the development of a crypto exchange between North Korea and South Korea and was fully aware this would violate US and UN sanctions against the DPRK.

Image via Shutterstock

Cybersecurity Firm Kaspersky Warns of New Ransomware Devised by Notorious North Korean Ransomware Group

Multinational cybersecurity provider Kaspersky has announced that the notorious North Korean crypto criminal group, Lazarus, is planning on releasing a new ransomware.

Kaspersky Investigates

The new threat, dubbed VHD, is designated to target internal networks of companies in the economic sector. In regards to why the ransomware group often resorted to working in solo ops, Kaspersky researchers presented their hypothesis:

“We can only speculate about the reason why they are now running solo ops: maybe they find it difficult to interact with the cybercrime underworld, or maybe they felt they could no longer afford to share their profits with third parties.”

Phishing For Crypto And Sensitive Data

The infamous North Korean ransomware group Lazarus have been reported to have multiple tricks up their sleeves. In fact, according to cybersecurity Cyfirma, Lazarus is preparing a huge phishing campaign, that is meant to target at least 6 nations and over 5 million businesses and individual investors.

The report of the devious scheme was released in June. For the time being, there are no signs of the phishing campaign unfolding yet, as it appears that the North Korean ransomware group have not yet deployed the mass phishing campaign.

However, as the hacking group have kept their digital heists alive in 2020, Cyfirma thought it best to warn major companies for prevention purposes.

Lazarus’ Notoriety Precedes Them

In the past, the North Korean ransomware group, operating under “Lazarus,” have made quite an impression on cybersecurity firms, having accumulated over $571 million in stolen cryptocurrencies since 2017. Lazarus group is notorious for hitting up cryptocurrency exchanges and have kept up their act of ransoming victims for cryptocurrencies, amid the coronavirus pandemic.

2019 Digital Heist

Last year, as reported by Chainalysis, Lazarus pulled off a digital heist that amounted to $7 million in various cryptocurrencies.

The ransomware group hit up DragonEx crypto exchange, a Singapore-based money exchange. In order to pull off their crypto scam, Lazarus created a fake trading bot website that was offered to employees of the DragonEx exchange.

The North Korean criminal organization used a sophisticated phishing attack, where a real website and social media pertaining to it were linked to a fake company called “WFC Proof.” The non-existent company was said to have created Worldbit-bot, a trading robot, that was then offered to DragonEx employees.

Finally, the malicious software was installed on a computer that contained the private key of the DragonEx hot wallet, which enabled the North Korean-based group to steal cryptocurrencies from the Singapore exchange.

Lazarus Group: Anonymous or Not?

Lazarus’ malicious cyberattacks date all the way back to 2017. Though cybersecurity has not managed to completely arrest and stop the hacking group, identities associated with the North Korean hacking ring have been uncovered.

Earlier this year, two Chinese citizens by the name of Tian YinYin and Li Jiadong were identified by the US treasury for their connection with Lazarus group. They were sanctioned in March by US authorities for their alleged involvement in laundering stolen cryptocurrencies from a 2018 cyberattack against a cryptocurrency exchange.

While blockchain is still promoted as being cryptographically secured and the underlying technology for cryptocurrencies, exchanges that hold them are still prone to cyber-attacks, just as traditional markets are not immune to heists and money laundering schemes.

Korea: Training Military or Cybercriminals?

Preventing financial theft has been an ongoing issue for the longest of times.

With a series of money-related attacks leading to a subsequent UN investigation last year, there is an ongoing hypothetical circulating around the law enforcement industry that the Democratic People’s Republic of Korea (DPRK) may be heavily involved in coordinating cyberattacks, as they have reportedly been training cybercriminals to target and launder stolen funds from financial institutions.

US Army Reveals That North Korea Has A Legion of 6,000 Hackers Working for the Nation

In a recent tactical report, the US Army unveiled that North Korea possessed a number of government-based divisions assigned to cryptocurrency and crypto cybercrimes.

US Discloses North Korean Tactics

The report released by the US Army is dubbed North Korean Tactics. In the legal document, it indicated that hackers working for the Asian country did not necessarily launch cyberattacks directly from North Korea. The reason is due to a lack of information technology (IT) infrastructure on North Korea’s part. Due to this lack of digital power, the country is unable to deploy massive campaigns.

In the report, the US Army revealed that North Korea currently had more than 6,000 hackers throughout the world working for them. Countries with North Korea-based hackers include Belarus, China, India, Malaysia, and Russia, to name a few. Bureau 121, which constitutes the cyber warfare directing unit of North Korea, currently has four active subdivision operations that it is managing and operating under its entity are at least 6,000 hackers.

North Korean Tactics report details that criminal activity is rampant in any country, and so naturally, alliances between North Korea and South Korea are at times formed for the mutual purpose of combatting crime.

However, in Chapter 3 of the report, US officials described what constituted a criminal organization in detail. In the conclusion of that section, it indicated that according to standardized definitions, the North Korean Government operating under Kim Jong Un “could be considered a criminal network.” The report read:

“Criminal organizations […] protects its activities through patterns of corruption, coercion, or violence. These networks can range within a local community, national/regional areas, or international/transnational activities. Due to the illegal activities that are sanctioned by Kim Jong Un, the North Korean Government could be considered a criminal network. The Kim regime is involved in drug trade, counterfeiting, human trafficking, and cybercrime.”

Goal to End North Korea Criminal Operations

The US has long been active in trying to put an end to North Korea’s widespread cryptocurrency-driven cybercrime campaigns. Earlier in April, the US had published another report outlining the North Korean regime’s attacks dating back to 2017. Enclosed in the list were guidelines on how to counter the cybercrime attacks driven by North Korea.

US Files Lawsuit to Recover Cryptocurrency Accounts Linked to North Korean Hacking Operation

The US Department of Justice has filed a suit against North Korean state-sponsored cyber hackers for allegedly perpetrating two major cryptocurrency heists.

Crypto exchanges suffer North Korean cyber attack

The complaint, filed on Thursday, outlined two hacks that were allegedly conducted by state-sponsored North Korean cybercriminals, and that targeted two cryptocurrency exchanges hit last year. Proton Tokens (PTT), PlayGame tokens (PXG), and IHT Real Estate Protocol tokens were stolen from the first virtual exchange. In order to launder the digital assets, cyber hackers washed out the tokens through Chinese over-the-counter brokers.

The altcoin assets were converted into Bitcoin (BTC), Tether (USDT), and other cryptocurrencies to cover the North Korean cyber criminals’ tracks. The total amount of altcoins and tokens stolen were reported to be equivalent to $272,000.

A similar case was reported by US investigators a few months after the occurrence of the first crypto heist. This time, a US crypto exchange was hacked and $2.5 million in cryptocurrencies were stolen. Once again, US law enforcement said that North Korean operators laundered the virtual funds through Chinese traders that they had coordinated with for previous heists.

Despite the crypto laundering techniques that were employed by North Korean cyber hackers, law enforcement and cybersecurity were able to trace the funds, thanks to blockchain analysis. The stolen cryptocurrency assets were allegedly funneled into 280 cryptocurrency accounts.

In relation to the civil forfeiture complaint filed by US Justice Department, FBI Special Agent Emmerson Buie Jr. spoke up regarding cybersecurity and North Korea’s alleged involvement in cyberattacks. He said:

“Today’s complaint demonstrates that North Korean actors cannot hide their crimes within the anonymity of the internet. International cryptocurrency laundering schemes undermine the integrity of our financial systems at a global level, and we will use every tool in our arsenal to investigate and disrupt these crimes.”

US investigates North Korean cyber operations

In order to tighten cybersecurity and annihilate any national security threat, the US has been actively monitoring North Korean tactics. In a recent tactical report released in July, the US Army had revealed that North Korea currently had more than 6,000 hackers operating under their umbrella. These government-sponsored hackers were dispersed throughout the world and were rumored to be at the basis of illicit cyber hacks.

There is substantial evidence that indicates that the Democratic People’s Republic of Korea (DPRK) may be heavily involved in cybercriminal operations, and US officials have clearly expressed their desire to safeguard national security by tightening cybersecurity ropes.

In the past, two Chinese nationals, Tian YinYin and Li Jiadong, had been sanctioned by the US government for their involvement in laundering over $100 million worth of Bitcoin cryptocurrency funds from a 2018 cyberattack perpetrated by North Korean hackers against a crypto exchange. The two men were identified for their connection to the notorious North Korean state-sponsored cybercriminal ring, Lazarus Group.

Concerns Arise as North Korea’s Financial Services Commission Unsure of Its Cryptocurrency Mandate

The Financial Services Commission of North Korea has come under the spotlight. The agency, which is supposed to be in charge of the supervision of cryptocurrencies, recently asked which ministry is responsible for dealing with challenges associated with the theft of cryptocurrencies in the country.

Lawmaker Seong II-Jong, the opposition party secretary of the National Assembly’s Political Affairs Committee, revealed that the Financial Services Commission (FSC) wrote an inquiry letter asking “Which ministry is responsible for the defense of North Korean cryptocurrency theft?”

The Korean Communications Commission and the Ministry of Foreign Affairs received the letter and responded that cryptocurrency issues are under the responsibility of the FSC.

This shows that there is a need for the Korean government to clarify roles tasked with relevant ministries and help ministers understand their responsibilities. However, the task of the supervision and management of digital asset providers like crypto exchanges is jurisdiction under the FSC.

On March 5, 2020, the Members of North Korea’s National Assembly passed the law that amended “The Use and Reporting of Specific Financial Transactions Formation.” The law now mandates digital asset businesses like crypto exchanges to enter their real name verifications in commercial banks. Once obtaining active bank accounts, such businesses are required by the law to fill a business report with the FIU (Financial Information Analysis Institutes) under the FSC. Seong stated:

“With the passage of the amendment, cryptocurrency management has become a business of the Financial Services Commission, but the Financial Services Commission says ‘it’s not our business’. I am going to ask.”

Where Funds Come from For North Korea’s Missile Programme

According to Dr. Marx Schiller, German Missile scientist, it would cost North Korea more than $1 million to 1.5 million to develop a new short-range ballistic missile in the country. The scientist further said that it would cost the country to have a total of $1 billion to build and weaponize the missile program. The scientist said that the country must have invested a huge cost of about 1,135.7 billion ($1.00642 billion) in developing missiles.

Since the international community started imposing sanctions in 2018, North Korea’s exports have declined to an estimate of 10%. The country has further experienced export reduction because of the coronavirus pandemic that has led to border closures between China and North Korea since the beginning of this year.

In such situations, questions are being asked about how North Korea has been able to obtain a huge amount of funds being used to build and produce missiles. A confidential report indicates that North Korea is funding its missile program with fiat and cryptocurrency stolen from exchanges and banks.

In September this year, Chainalysis, a US blockchain analysis company, published a report that identified that the amount of crypto funds stolen in North Korea for the last five years (from 2015-2019) have reached $1.5 billion.

In September 2019, the U.S Department of Treasury submitted a report saying that three hacking groups (Andariel, Bluenoroff, and Lazarus) are controlled by the North Korean government. The report identified that these groups have stolen cryptocurrencies worth $571 million from January 2017 to September 2018.

Ethereum Developer’s Trial for Attendance at North Korea Blockchain Conference Set for September 2021

Ethereum researcher Virgil Griffith has been accused by the US government of assisting North Korea in questionable affairs involving cryptocurrencies.

Last year, the developer attended a blockchain conference in North Korea. That in itself was enough to alarm the US government, as regulators arrested Griffith, accusing him of violating the International Emergency Economic Powers Act (IEEPA).

IEEPA is a US federal law that enables the President to regulate external variables that may threaten national security. If the situation in question is classified as a national emergency, the President is allowed to regulate it in ways he sees fit. Griffith attending a blockchain conference in North Korea has been enough to anger the US, as the Democratic People’s Republic of Korea (DPRK) has long been considered a high-risk country by the United States.

Now, US lawmakers have set the tentative trial date for Griffith for September 2021, anywhere between September 7 and September 30.

What angered US regulators

US regulators are claiming that by attending the North Korea blockchain conference, Griffith has breached the International Emergency Economic Powers Act as he allegedly has given a speech to educate North Koreans on how to use cryptocurrency for their own gains. The Ethereum attended the conference in North Korea in November 2019 and was arrested following his return to the US.

According to the official complaint, Griffith had explicitly asked and been denied permission to travel to North Korea in order to give the presentation on blockchain technology. Specifically, the document outlines that Griffith had been aiding the development of a crypto exchange between North Korea and South Korea and was fully aware this would violate U.S. sanctions against the DPRK.

Should he be declared guilty, the Ethereum developer may potentially be imprisoned for up to 20 years.

Jury Trial will Decide if Ethereum Dev Nigel Griffith Helped North Korea Evade Sanctions

Ethereum developer Virgil Griffith has been accused by the US Department of Justice of aiding North Korea (DPRK) in evading sanctions and will now face trial by jury.

Virgil Griffith must now face a jury for the DOJ’s claims that a speech the Ethereum dev gave at a Pyongyang crypto conference in 2019 served to empower Kim Jong Un’s administration of the DPRK to evade sanctions and launder money.

According to Law360 on Jan 29, Griffith’s motion to dismiss the criminal charges have now been denied by a New York federal judge. The Ethereum developer’s motion claimed that the charges should be dismissed as his right to free speech is protected by the US Constitution’s first amendment.

Griffith also requested clarification on the charges through a bill of particulars, claiming he has been unable to sufficiently prepare his defense as the four-page indictment against lacked specific detail outlining his criminal conduct.

The New York judge has also rejected Griffith’s request for clarity, stating that he the “adequate notice of the charges” against the Ethereum developer had been provided. The judge further cited text messages that had been allegedly sent by Griffith prior to his speech in Pyongyang which stated:

“We’d love to make an Ethereum trip to the DPRK and set up an Ethereum node […] It’ll help them circumvent the current sanctions on them.”

The judge has now pushed the case forward and Griffith and his legal team will have to convince a jury that the Ethereum developer did not aid the authoritarian regime of North Korea in circumventing US sanctions.

The Case and Consequences

The U.S. Attorney’s Office of the Southern District of New York announced on Nov. 29, 2019 that Griffith had been charged with ‘Conspiracy to Violate the International Emergency Economic Powers Act (IEEPA)’ by traveling to the Democratic People’s Republic of Korea (DPRK or North Korea) in order to deliver a presentation and technical advice on using cryptocurrency and blockchain technology to evade sanctions.”

A January 2020 indictment was put forward against Griffith, accusing him of violating the International Emergency Economic Powers Act (IEEPA).

While Griffith has claimed his speech was protected and has characterized his presentation as delivering “information that one could readily learn from a Google search.”

The judge also made note that the fact that Griffith was not explicitly paid for the speech should have no bearing on the jury’s ruling. The judge stated:

“Even if Griffith’s presentation at the conference, taken in isolation, did not qualify as the provision of services, or was exempt under the information exception, evidence at trial may be sufficient to demonstrate his guilt in conspiring to provide services.”

Should Griffith be found guilty of the allegations, the Ethereum developer may potentially be imprisoned for up to 20 years.

N.Korea's Crypto Hacks Up by least 7 times in 2021, Nearly $400M Stolen: Chainalysis

North Korean hacks on the cryptocurrency platforms jumped from four to seven extracting nearly $400 million worth of digital assets over the last year, blockchain analysis firm Chainalysis said in a new report.

“From 2020 to 2021, the number of North Korean-linked hacks jumped to seven times from four, and the value extracted from these hacks grew by 40%,” the report stated, which was released on Thursday.

The total of at least seven attacks was one of the most successful years on record, according to the report.

“Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out,” the report added.

According to a January 07, 2022, report by Blockchain.News, Crypto crimes saw a record high number last year in terms of value, Chainalysis said.

The report stated that the blockchain analysis firm reported recently that illegal addresses of criminals received $14 billion in digital currencies, up 79% from $7.8 billion in 2020.

Illicit addresses already hold over $10 billion worth of cryptocurrencies as of early 2022, Chainalysis said.

The United Nations (UN) has accused North Korea of using these stolen funds to support its nuclear and ballistic missile programs to circumvent sanctions. Although Pyongyang does not reply to media inquiries, they have previously denied allegations of hacking.

In 2021, three of North Korea’s computer programmers from the intelligence service department were charged by the UN for a massive, year-long hacking spree on companies ranging from banks to Hollywood movie studios. The trio was accused of trying to steal more than $1.3 billion in money and cryptocurrency.

In the report, Chainalysis said that North Korea’s hacks were targeted primarily at investment firms and centralized exchanges. The tactics used by the hackers included phishing lures, code exploits, malware and advanced social engineering to siphon funds out of these organisations’ inter-connected ‘hot’ wallets into North Korea-controlled addresses, the report added.

The report went on to say that the hacks were likely carried out by the United States sanctioned Lazarus Group, who have been accused of involvement in the notorious “WannaCry” ransomware attacks. The Lazarus Group is controlled by the Reconnaissance General Bureau, North Korea’s primary intelligence bureau.

The group’s infamous “WannaCry” ransomware attacks targeted international banks and customer accounts, and the 2014 cyber-attacks on Sony Pictures Entertainment.

According to Chainalysis, North Korea has stepped up efforts to launder stolen cryptocurrency by using software tools that pool and scramble crypto from thousands of other addresses.

Researchers have identified $170 million in old, unlaundered cryptocurrency holdings from 49 separate hacks ranging from 2017 to 2021 but it remains unclear as to why the hackers would still be sitting on these for all these years, the report added.

“Whatever the reason may be, the length of time that (North Korea) is willing to hold on to these funds is illuminating, because it suggests a careful plan, not a desperate and hasty one,” Chainalysis concluded.