How Serious Is North Korean Hacking That Even the National Intelligence Service Is Involved?

Funding for Nuclear and Missile Programs... Estimated 20 Trillion Won Hacked Last Year
Attacks Targeting South Korea... 'Information and Technology' Stolen More Than Bitcoin

[Asia Economy Reporter Jang Hee-jun] As North Korea focuses on hacking cryptocurrencies to fund its nuclear and missile development, the government has launched a national response. With the scale of virtual asset damage caused by North Korea swelling to trillions of won, analysis also indicates that attempts to steal information and technology are increasing in attacks targeting the South.


According to the National Intelligence Service and others on the 13th, the amount of virtual assets stolen worldwide by North Korea since 2017 is estimated at 1.5 trillion won, with about 800 billion won stolen in the past year alone. Intelligence authorities predict that cyber financial crimes targeting not only cryptocurrencies but also public institutions and companies will become more rampant this year.



The scale of private sector damage is even greater. According to a report released earlier this month by Chainalysis, a U.S. blockchain analysis firm, the amount of cryptocurrency theft last year was $3.8 billion (approximately 4.81 trillion won), of which $1.65 billion (about 2.09 trillion won), more than 40%, is assessed to have been siphoned off mainly by North Korea-linked hackers, including Lazarus.


The scale of virtual asset hacking damage caused by North Korea has surged annually from $29.2 million in 2017 to $522.3 million in 2018, $271.1 million in 2019, $299.5 million in 2020, and $428.8 million in 2021. The funds stolen through cyberattacks, carried out to evade prolonged sanctions against North Korea, are believed to be flowing into North Korea’s nuclear, missile, and weapons of mass destruction development.


Tightened ROK-US Cyber Cooperation... "North Korea Will Find It Difficult to Cash Out"
North Korean 'Hacker' Park Jin-hyuk Indicted in the United States [Image Source=Yonhap News]

However, as South Korea and the United States have begun cyber cooperation against North Korea, the general view is that it will not be easy for North Korea to cash out the stolen virtual assets 'as intended.' The situations of China and Russia, considered North Korea’s 'backers,' are also unfavorable.


Earlier, as North Korea’s hacking threats escalated, the National Intelligence Service on the 10th issued a security advisory together with U.S. intelligence agencies such as the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI). This was the first joint security advisory issued by South Korean and U.S. intelligence agencies, warning that North Korea is attempting to steal virtual assets through ransomware attacks targeting major institutions in various sectors worldwide.


On the same day, the Ministry of Foreign Affairs designated four North Korean individuals and seven institutions involved in illegal cyber activities such as virtual asset theft, related program development, and professional personnel training as targets of independent sanctions. This is also the first time the South Korean government has imposed independent sanctions against North Korea in the cyber sector.


Professor Lim Jong-in of Korea University Graduate School of Information Security analyzed, "If sanctions by various countries are layered based on ROK-US cooperation, it is expected to become difficult for North Korea to launder the hacked funds," adding, "Russia is already under significant sanctions due to its invasion of Ukraine, and the probability that Chinese financial institutions would take risks to assist North Korean hackers in laundering funds is low."


Attacks Targeting the South..."Attempts to Steal Personal Information and Technology"
North Korea's hacking attack disguised as Kakao login page [Photo by East Security]

Domestically, following legal enactments and amendments, virtual asset transactions have shifted to real-name systems, and intelligence authorities assess that there has been no virtual asset hacking damage caused by North Korea since last year. What requires caution is that North Korea’s hacking attacks targeting South Korea are not limited to virtual assets.


At the end of last month, an attacker presumed to be a North Korea-linked hacker group attempted to steal personal information from individuals working in diplomacy and security fields. They distributed phishing emails disguised as Kakao login pages. Recently, the North Korean hacking group 'Kimsuky,' under the Reconnaissance General Bureau, was also detected sending phishing emails disguised as the portal site 'Daum' operated by Kakao, attempting to steal users’ passwords.


Attacks exploiting South Korea’s social issues are also increasing. The North Korean hacking group 'APT37' distributed malware disguised as files on the response situation during the 'Itaewon disaster' in October last year. When a fire at the SK C&C Pangyo data center caused Kakao service disruptions, phishing emails disguised as recovery files were also distributed, targeting North Korean defectors and politicians.


Moon Jong-hyun, director at East Security, warned, "Although the level of attacks themselves is low, a considerable number of people fall victim to these routine techniques," adding, "The danger lies not in which portal is impersonated, but that high-ranking officials and those working in diplomacy, security, unification, and defense fields are routinely receiving such emails." He also warned that since North Korea has learned how platform paralysis affects situations like the 'Kakao outage,' it may attempt modified forms of attack.


Meanwhile, the National Intelligence Service expects cyberattacks against the South to intensify further this year, especially with a significant increase in attempts to steal South Korea’s nuclear power and defense industry technologies. As North Korea enters the third year of its national economic development plan, it is anticipated that it will continue to steal South Korean technical data to fulfill its tasks while actively collecting diplomatic and security information.


© The Asia Business Daily(www.asiae.co.kr). All rights reserved.

