A United Nations panel is investigating a series of cyberattacks allegedly conducted by North Korea. The report, released in March 2024, details how these attacks, carried out between 2017 and 2023, netted an estimated $3 billion for the regime.
The Panel is investigating 58 suspected cyberattacks by the Democratic People’s Republic of Korea on cryptocurrency-related companies between 2017 and 2023, valued at approximately $3 billion, which reportedly help to fund the country’s development of weapons of mass destruction. The high volume of cyberattacks by hacking groups subordinate to the Reconnaissance General Bureau reportedly continued. Trends include targeting defence companies and supply chains and, increasingly, sharing infrastructure and tools.
The U.N. report identified several hacking groups linked to North Korea’s Reconnaissance General Bureau (RGB), including Kimsuky, Lazarus Group, Andariel, and BlueNoroff. These groups use methods such as spearphishing, vulnerability exploitation, social engineering, and “watering hole” attacks to steal valuable data and generate revenue.
The report highlights North Korea’s interest in stealing intellectual property for technological advancements and resale. Cryptocurrency hacks are a growing concern, with the panel investigating 17 incidents in 2023 alone, totaling $750 million in stolen funds.
The hackers target defense companies, software supply chains, and even nuclear engineers. They have compromised organizations in Spain, the Netherlands, Poland, and Russia. Social engineering tactics include fake recruiter profiles on LinkedIn and manipulating job seekers on messaging apps. South Korea is a frequent target, with stolen data ranging from defense information to university research.
The report describes supply chain attacks on software companies such as JumpCloud, which were compromised to launch cryptocurrency heists. It also confirms collaboration among hacking groups, with overlapping membership across agencies within North Korea.
The U.N. panel documented North Korean involvement in ransomware attacks, with Andariel linked to a $360,000 bitcoin theft and Lazarus Group collaborating with a South Korean company to collect millions in ransom payments. Laundering stolen funds remains a challenge, with the report mentioning Lazarus Group’s renewed use of Tornado Cash, a cryptocurrency mixing service.
The U.N. urges member states to strengthen the cyber defenses of financial institutions, consider sanctions on hacking groups, and disrupt North Korea’s money laundering activities. Blockchain security firm Elliptic confirms ongoing large-scale laundering efforts by Lazarus Group through Tornado Cash.