Cyber Security Center

US is offering up to $5 million for information on North Korea’s cyber attacks


The US government is offering up to $5 million for information on North Korean hackers responsible for stealing over $2 billion by targeting the financial sector.

 

rsz_screen_shot_2020-04-16_at_162538

In a joint statement, the US Department of State, the Treasury, Homeland Security, and the Federal Bureau of Investigation describe the malicious cyber activities by North Korea as threatening “the United States and the broader international community, and, in particular, pose a significant threat to the integrity and stability of the international financial system”.

North Korean state-sponsored actors, which consist of hackers, cryptologists, and software developers have conducted espionage, targeted financial institutions and digital currency exchanges, and performed politically-motivated operations against foreign media companies in the past, and continue to do so now.

According to the statement, Democratic People’s Republic of Korea (DPRK) is actively targeting the financial sector in order to generate revenue. Reportedly, the country has already stolen over $2 billion to fund various weapon programs. The country is suspected to have carried out cyber-enabled heists, hacked digital currency exchanges and stolen hundreds of millions of dollars in digital currency, as well as laundered funds.

The US government has attributed the following cyber operations to North Korea:

  • Sony Pictures. An attack carried out in November 2014, believed to be in retaliation to the 2014 film “The Interview”.
  • Bangladesh Bank Heist. It is believed that on February 2016, the DPRK state-sponsored actors targeted financial institutions around the world and managed to steal $81 million from the Bangladesh Bank through unauthorized transactions.
  • WannaCry 2.0. North Korea is believed to be responsible for the 2017 May WannaCry ransomware attack that affected hundreds of thousands of computers around the world.
  • FASTCash Campaign. North Korea state sponsored actors are believed to be responsible for the FASTCash ATM cash withdrawal scheme that allowed them to steal tens of millions of dollars from ATMs in Asia and Africa.
  • Digital Currency Exchange Hack. The US Department of Justice believes that state-sponsored cyber actors hacked a digital currency exchange service and stole nearly $250 million worth of digital currency.

 

The report further explains that North Korean hackers have “conducted extortion campaigns against third-country entities by compromising an entity’s network and threatening to shut it down unless the entity pays a ransom”. The hackers are also suspected of hacking websites and extorting targets for money.

Finally, malicious North Korean actors have also compromised victims’ machines and stole their computing resources for digital mining purposes.

“These activities highlight the DPRK’s use of cyber-enabled means to generate revenue while mitigating the impact of sanctions and show that any country can be exposed to and exploited by the DPRK,” the statement reads.

The US government is now offering a reward of up to $5 million for information about North Korea’s illegal activities, including past and ongoing operations, in cyberspace.