According to a currently confidential United Nations report seen by Reuters on Monday, North Korea stole more cryptocurrency assets in 2022 than in any other year and targeted the networks of foreign aerospace and defense companies.

“(North Korea) used increasingly sophisticated cyber techniques both to gain access to digital networks involved in cyber finance, and to steal information of potential value, including to its weapons programmes,” independent sanctions monitors reported to a U.N. Security Council committee.

North Korea has previously been accused by monitors of using cyber attacks to fund its nuclear and missile programs.

“A higher value of cryptocurrency assets was stolen by DPRK actors in 2022 than in any previous year,” the monitors wrote in their report – submitted to the 15-member council’s North Korea sanctions committee on Friday – citing information from U.N. member states and cybersecurity firms.

Previously, North Korea denied allegations of hacking or other cyberattacks.

According to the sanctions monitors, South Korea estimated that North Korean-linked hackers stole $630 million in virtual assets in 2022, while a cybersecurity firm estimated that North Korean cybercrime yielded cybercurrencies worth more than $1 billion.

“The variation in USD value of cryptocurrency in recent months is likely to have affected these estimates, but both show that 2022 was a record-breaking year for DPRK (North Korea) virtual asset theft,” the U.N. report said.

Last week, a blockchain analytics firm based in the United States came to the same conclusion.

According to the UN report, “cyberthreat actors’ techniques have become more sophisticated, making tracking stolen funds more difficult.”

According to diplomats, the report will be made public later this month or early next month.

According to the monitors, the majority of cyber attacks were carried out by groups controlled by North Korea’s main intelligence agency, the Reconnaissance General Bureau. It stated that these groups included hacking teams known in the cybersecurity industry as Kimsuky, Lazarus Group, and Andariel.

“These actors continued illicitly to target victims to generate revenue and solicit information of value to the DPRK including its weapons programmes,” the U.N. report said.

According to the sanctions monitors, the groups used malware in a variety of ways, including phishing. One such campaign targeted employees in organizations from around the world.

“Initial contacts with individuals were made via LinkedIn, and once a level of trust with the targets was established, malicious payloads were delivered through continued communications over WhatsApp,” the U.N. report said.

It also stated that a North Korean-linked group known as HOlyGhOst had “extorted ransoms from small and medium-sized businesses in several countries by distributing ransomware in a widespread, financially motivated campaign,” according to a cybersecurity firm.

North Korea used widespread and increasingly sophisticated cyberattacks to generate an estimated $2 billion for its weapons of mass destruction programs over several years, according to UN sanctions monitors in 2019.

The monitors also stated in their most recent annual report that Pyongyang continued to produce nuclear fissile materials at its facilities and launched at least 73 ballistic missiles, including eight intercontinental ballistic missiles, last year.

The US has long warned that North Korea is preparing to conduct a seventh nuclear test.

The Security Council has long prohibited North Korea from conducting nuclear tests or launching ballistic missiles. It has been subject to United Nations sanctions since 2006, which the Security Council has strengthened over time to target Pyongyang’s nuclear and ballistic missile programs.

However, North Korea has continued to import refined petroleum and export coal illegally, evading sanctions, according to the monitors. They also stated that they have begun an investigation into reports of North Korean ammunition exports.

The US has accused the Russian mercenary firm Wagner Group of receiving weapons from North Korea in order to bolster Russian forces in Ukraine. North Korea has denied the accusation, and Wagner’s owner, Yevgeny Prigozhin, has denied receiving arms from North Korea.

China and Russia vetoed a US-led push to impose additional UN sanctions on North Korea last May. This included the Lazarus hacking group’s assets being frozen.

The Lazarus group has been accused of involvement in the “WannaCry” ransomware attacks, hacking of international banks and customer accounts, and the Sony Pictures Entertainment cyber-attacks in 2014.

The US said in April that it had linked North Korean hackers to the theft of hundreds of millions of dollars in cryptocurrency linked to the popular online game Axie Infinity. According to Ronin, a blockchain network that allows users to transfer cryptocurrency in and out of the game, digital cash worth nearly $615 million was stolen in March 2022.

(Adapted from Reuters.com)

Categories: Economy & Finance, Geopolitics, Regulations & Legal, Strategy, Uncategorized