USA and South Korea warn over North Korean cyberattacks

North Korea is furthering its interests using social engineering cyber attacks, US and South Korean agencies warned. The country is reliant on cyberattacks for foreign currency income and funding its weapons programs, a US official claimed.

 Person, Security

The Federal Bureau of Investigation (FBI), the US Department of State, the National Security Agency (NSA), the Republic of Korea’s National Intelligence Service (NIS), the National Police Agency (NPA) and the Ministry of Foreign Affairs (MOFA) have issued a joint advisory warning regarding North Korea using social engineering tactics in cyber-attacks.

The advisory highlights that North Korean government-sponsored cyber actors are attempting to exploit computer networks globally, targeting individuals working in research centres, think tanks, academic institutions and news media organisations. Some of the North Korean cyber actors listed are Kimsuky, Thallium, APT43, Velvet Chollima and Black Banshee, who are using spear phishing campaigns, masquerading as journalists, academics or individuals with credible connections to North Korean policy circles. The advisory warns that by using social engineering techniques, these threat actors gain unauthorized access to their target’s private and sensitive information, documents, research and communications in order to collect intelligence on geopolitical events, and foreign policy strategies to further North Korea’s interests.

The advisory encourages people who suspect themselves to have been targeted to report such incidents.

According to a senior American official interviewed by Nikkei, North Korea is estimated to derive approximately 50% of its foreign currency income from cyberattacks, which serve as a crucial source of funding for the country’s weapons programs. This revelation regarding Pyongyang’s financial activities took centre stage at the Shangri-La Dialogue security conference in Singapore, which commenced on 2 June.

According to this official, North Korean cyberattacks have witnessed a sharp rise since 2018, coinciding with an increase in missile launches under the leadership of Kim Jong Un.

The COVID-19 pandemic severely impacted North Korea’s foreign trade, leading to a significant decline. As a result, the isolated nation is believed to have increasingly relied on cybertheft as a means to compensate for the loss of foreign currency revenue, which was previously derived from activities like smuggling coal to China.

The South Korean government also estimated that in 2022, North Korea stole over $700 million in cryptocurrency through cyberattacks and earned hundreds of millions of dollars more from tech workers employed overseas. A private-sector estimate suggests that the cryptocurrency thefts in the same year could have reached up to $1.7 billion.