In 2023, we’ve seen North Korea’s use of cybercrime reach new heights. In a July robbery on the crypto exchange WOO X, for instance, its hackers allegedly made off with nearly $14 million from nine different users. This most recent incident underscores a dangerous pattern: North Korea’s hacking efforts have broken records. According to estimates from the United Nations, these thefts now account for approximately 13% of North Korea’s gross domestic product (GDP).
In fact, this year there have been over 30 successful attacks by North Korean hackers on cryptocurrency firms. Analysts at Elliptic have verified these alarming transactions. The Lazarus Group, a notorious hacking team linked to North Korea, has prioritized cryptocurrency heists to amass significant sums of digital assets. Beyond the WOO X hack, the group stole $1.2 million worth of digital tokens from Seedify. It also holds the dubious distinction of having taken $1.4 billion from the crypto exchange ByBit in February.
It’s hard not to be blown away by this year’s thefts! For context, the second-highest ransomware actor in 2022 was North Korea, which stole $1.35 billion that year. Experts think those numbers may be even higher, largely because cases are frequently underreported and not necessarily attributed to North Korean hackers.
Dr. Tom Robinson, chief scientist at Elliptic, said that it’s incredibly challenging to accurately attribute these kinds of cyber thefts. He testified to the difficulty in figuring out who’s behind these thefts and stated that most thefts are probably never even reported.
“Other thefts are likely unreported and remain unknown as attributing cyber thefts to North Korea is not an exact science.” – Dr Tom Robinson
Dr. Robinson agreed that most of the thefts were identifiable as North Korean in origin. Yet, he added, at times there is not enough evidence to draw clear conclusions about attribution.
Western security agencies have repeatedly warned that cyberattacks are enabling North Korea to develop its nuclear weapons and missile programs. These illicit proceeds are key to fueling those ambitions. This connection raises grave concerns about international security as the wider implications of North Korea’s cyber operations come to light.
Advanced nation-state hacking teams, such as the infamous Lazarus Group, have produced easily identifiable patterns in their methods and tools, and they remain a persistent menace in the digital realm. Despite growing awareness of these operations, the North Korean embassy in the UK has so far declined to comment upon request. This silence is particularly worrisome in light of the recent rash of cyber-thefts.
