It’s no secret that North Korea is using hacker-based cyber operations to steal sensitive political and military intelligence and to attack ideological foes. But an analysis posted on 38 North notes Pyongyang’s increasing interest in using such “weapons of mass disruption” to generate revenue.
The respected specialist website on North Korea also says the nation’s hackers are showing increased interest in using bitcoin as a vehicle in their nefarious money-raising activities.
“Bitcoin provides attractive benefits to the isolated nation due to a lack of regulation and the ability to subvert international sanctions,” Adam Meyers, a recognized security and intelligence expert, wrote in the piece.
Meyers says a case in point is the so-called “WannaCry” hacker assaults in May 2017. He notes that the attacks involved encrypting sensitive material and holding the keys to decrypt the files for a ransom to be paid in bitcoin.
He says the attack had “North Korean fingerprints embedded in the code used to execute the attack, as did the tools that were used to develop that code.”
The best-known example of the North’s suspected use of cyber ops to generate revenue is the unauthorized transfers of funds from the Bangladesh Central Bank in early 2016, Meyers recounts.
“The attempted transfers amounting to over US$950 million sought to move funds to entities in locations such as Sri Lanka and the Philippines; ultimately US$81 million in funds disappeared into the ether,” the analyst said.
Same hacker codes
Meyers says what’s noteworthy is that traces of the executable codes used in the WannaCry attack also overlap with the codes used in the attacks against South Korean nuclear power plants and the Sony Pictures hack in 2014.
“North Korea is an exception to the classical understanding of how most nations implement offensive cyber operations in that they incorporate espionage, disruptive/destructive attacks and financially motivated operations using the same computer code and infrastructure,” Meyers said in his analysis.
He goes on to say that the value of cyber operations is likely recognized by North Korea’s top leaders — including military brass and Kim Jong-un.
The regime is also said to have an elaborate and highly specialized network of units charged with carrying out the attacks.
“Subordinate units, notably the Reconnaissance General Bureau (RGB), Bureau 121, and the Command Automation Bureau (CAB), are likely responsible for executing the specific operations,” Meyers said. “The individual units may have a charter to self-finance their operations, or to contribute financial gains back to the regime, but it seems clear that various offensive operations are conducted by differing groups with their own approach and missions.”
“For example, one group may have a primary focus on revenue generation, targeting South Korean banks and SWIFT and conducting extortive attacks, while another group might focus on intelligence collection, while a third conducts sabotage and destructive attacks,” Meyers added.