According to the Associated Press (AP), UN experts have been investigating at least 35 cases of Pyongyang-backed hackers using cyber attacks to raise funds for military purposes. These cases are known to have impacted institutions such as banks and cryptocurrency exchanges in 17 other countries. A summary of the report stated that these attacks raised as much as $2bn (£1.7bn).
The full report states that South Korea has been the most frequently targeted country, having been the target of 10 of the identified cyber attacks, AP states. The country is host to many cryptocurrency exchanges which were targeted by the hackers. South Korea-based Bithumb – one of the world’s largest and most frequently attacked cryptocurrency exchanges – was targeted by North Korean hackers at least four times: twice in 2017, once in 2018 and once in 2019. India suffered three attacks, while Bangladesh and Chile suffered two each. Costa Rica, Gambia, Guatemala, Kuwait, Liberia, Malaysia, Malta, Poland, Slovenia, South Africa, Tunisia and Vietnam all suffered one attack each.
According to the UN experts, there are three low-risk and high-yield routes through which the North Korean hackers operate: theft of cryptocurrency from users and exchanges; cryptocurrency mining via infecting a computer and using its resources to solve cryptographic problems, and attacks on the system (Society for Worldwide Interbank Financial Telecommunication system) used to transfer money between banks by hacking bank infrastructure to send fraudulent messages and destroy evidence of the attacks. These attacks can be carried out using just a laptop and internet access.
In one instance, the hackers were able to access the infrastructure for an ATM system and install malware altering how transactions are processed, redirecting 10,000 cash distributions to North Korean agents from across 20 countries. In another instance, the hackers used LinkedIn to advertise a job on behalf of Chilean banking network Redbanc, which connects the ATMs of all of Chile’s banks.
In addition to the cyber attacks, the report describes efforts to violate sanctions on coal exports and to import luxury goods such as limousines used for a high-profile summit between US President Donald Trump and Supreme Leader of North Korea Kim Jong-un.