North Korea used “increasingly sophisticated” methods to steal record amounts of cryptocurrency assets in 2022, according to a currently classified United Nations report.
Hackers from the country targeted the networks of foreign aerospace and defense companies, the report said. South Korea estimates North Korea-linked hackers stole $630 million worth of virtual assets in 2022, an independent sanctions monitor said. Another cybersecurity firm estimates that North Korean cybercrime has generated more than $1 billion worth of cyber currency.
“Changes in the dollar value of cryptocurrencies in recent months may have influenced these estimates, but both point to 2022 being a record-breaking year for virtual asset theft in North Korea,” the U.N. report said.
American blockchain analysis firm Chainalysis came to the same conclusion last week. Hackers with ties to North Korea, such as those in the cybercrime group Lazarus Group, were by far the most prolific cryptocurrency hackers, stealing an estimated $1.7 billion worth of assets in multiple attacks last year, the report said.
The Lazarus group is accused of being involved in the "WannaCry" ransomware attack, the hacking of international bank and customer accounts, and the 2014 cyberattack on Sony Pictures Entertainment. Last May, China and Russia vetoed a U.S.-led U.N. effort to impose more sanctions on North Korea. This includes a proposal to freeze the assets of the Lazarus hacking group.
"(North Korea) is using increasingly sophisticated cyber technologies to gain access to digital networks involved in cyber finance and to steal potentially valuable information, including its weapons programmes," the sanctions monitor reported to the UN Security Council committee.
Most of the cyberattacks were carried out by groups controlled by North Korea's main intelligence agency, the Reconnaissance General Bureau, monitors said. Those groups included hacking teams tracked by the cybersecurity industry under the names Kimsuky, Lazarus Group and Andariel, it said.
"These actors continue to illegally target victims to generate revenue and solicit valuable information from North Korea, including its weapons programmes," the UN report said.
The sanctions watchdog said the groups deployed the malware through a variety of methods, including phishing. One of the campaigns targets employees in organizations in different countries. "Initial contact with individuals was made via LinkedIn, and once a level of trust had been established with the target, the malicious payload was delivered via ongoing communications on WhatsApp," the UN report said.
It also said that a North Korea-linked group called HOlyGhOst "extorted ransom from small and medium-sized businesses in multiple countries by distributing ransomware in a widespread, economically motivated campaign," according to a cybersecurity firm. .”
The U.N. report, presented to the 15-member council's North Korea sanctions committee on Friday, cited information from U.N. member states and cybersecurity firms. The document will be released publicly later this month or early next month, diplomats said.
