Exclusive: Record-breaking 2022 for North Korea crypto theft, UN report says
United Nations, Feb 6 (Reuters) – North Korea stole more cryptocurrency assets in 2022 than in any other year and targeted the networks of foreign aerospace and defense companies, according to a currently confidential U.N. report seen by Reuters on Monday.
“(North Korea) used increasingly sophisticated cyber techniques both to access digital networks involved in cyber financing and to steal information of potential value, including to its weapons programs,” independent sanctions monitors reported to a UN Security Council committee.
The monitors have previously accused North Korea of using cyber attacks to help finance its nuclear and missile programs.
“A higher value of cryptocurrency assets was stolen by DPRK actors in 2022 than in any previous year,” the monitors wrote in their report – sent to North Korea’s 15-member sanctions committee on Friday – citing information from UN member states and cyber security. companies.
Latest updates
See 2 more stories
North Korea has previously denied accusations of hacking or other cyber attacks.
Sanctions monitors said South Korea estimated that North Korean-linked hackers stole $630 million worth of virtual assets in 2022, while a cyber security firm estimated that North Korean cybercrime yielded more than $1 billion worth of online currencies.
“The variation in the USD value of cryptocurrency in recent months likely influenced these estimates, but both show that 2022 was a record year for DPRK (North Korea) virtual asset theft,” the UN report said.
A US-based blockchain analysis firm came to the same conclusion last week.
The UN report noted: “The techniques used by cyber threat actors have become more sophisticated, making it more difficult to trace stolen funds.”
The report is due to be released later this month or early next month, diplomats said.
BLACKMAIL
The monitors said most cyber attacks were carried out by groups controlled by North Korea’s primary intelligence agency – the Reconnaissance General Bureau. It said these groups included hacking teams tracked by the cybersecurity industry under the names Kimsuky, Lazarus Group and Andariel.
“These actors continued to unlawfully target victims to generate revenue and solicit information of value to the DPRK, including its weapons programs,” the UN report said.
The sanctions watchdog said the groups distributed malware through various methods, including phishing. Such a campaign was aimed at employees in organizations across different countries.
“Initial contacts with individuals were made via LinkedIn, and once a level of trust with the targets was established, malicious payloads were delivered through continued communication over WhatsApp,” the UN report said.
It also said that, according to a cybersecurity firm, a North Korean-affiliated group known as HOlyGhOst had “extorted ransom money from small and medium-sized companies in several countries by distributing ransomware in a widespread, financially motivated campaign.”
In 2019, UN sanctions monitors reported that North Korea had generated an estimated $2 billion over several years for its weapons of mass destruction programs using widespread and increasingly sophisticated cyber attacks.
SANCTIONS ARE RUSHING
In its latest annual report, the monitors also said Pyongyang continued to produce nuclear materials at its facilities and launched at least 73 ballistic missiles, including eight intercontinental ballistic missiles last year.
The US has long warned that North Korea is ready to carry out a seventh nuclear test.
North Korea has long been banned from carrying out nuclear tests and ballistic missile launches by the Security Council. Since 2006, it has been subject to UN sanctions, which the Security Council has strengthened over the years to target Pyongyang’s nuclear and ballistic missile programs.
But North Korea continues to illegally import refined petroleum and export coal, avoiding sanctions, the monitors said. They also said they have launched an investigation into reports of munitions exports from North Korea.
The United States has accused Russian mercenary company Wagner Group of receiving weapons from North Korea to help bolster Russian forces in Ukraine. North Korea has rejected the accusation as baseless and Wagner’s owner, Yevgeny Prigozhin, denied having received weapons from North Korea.
Last May, China and Russia vetoed a US-led push to impose more UN sanctions on North Korea. This included a proposed asset freeze on the Lazarus hacker group.
The Lazarus Group has been accused of involvement in the “WannaCry” ransomware attacks, the hacking of international banks and customer accounts, and the 2014 cyber attacks on Sony Pictures Entertainment.
The US linked North Korean hackers to the theft of hundreds of millions of dollars in cryptocurrency linked to the popular online game Axie Infinity, the US said in April. Ronin, a blockchain network that allows users to transfer crypto in and out of the game, said that digital cash worth nearly $615 million was stolen in March 2022.
Reporting by Michelle Nichols; Editing by Don Durfee and Stephen Coates
Our standards: Thomson Reuters Trust Principles.