North Korea’s cybercrime threat is growing in both size and sophistication
North Korean hackers have stolen more than $3 billion in the past three years, the U.S. Treasury Department announced on November 4. The department issued sanctions on two North Korean individuals based in their home country and six of their enabling partners based in China and Russia, along with two North Korean banks responsible for enabling some of the Democratic People’s Republic of Korea’s (DPRK’s) ill-gotten gains. The designated individuals processed the results of crypto heists and laundered millions of dollars from the salaries of North Korean IT workers employed by global tech companies, with the proceeds going to finance Pyongyang’s military goals.
Historically, North Korea has used forced labor to generate millions of dollars for its nuclear and ballistic missile programs. More recently, Pyongyang has relied on its hackers. An October report from the United Nations’ multilateral sanctions monitoring team concluded, “Nearly all the DPRK’s malicious cyber activity, cybercrime, laundering, and IT work is carried out under the supervision, direction, and for the benefit of entities sanctioned by the UN for their role in the DPRK’s unlawful WMD and ballistic missile programs.”
North Korea’s IT workers continue to secure remote IT positions at tech companies, some taking advantage of AI deepfakes to conceal their true identities. The workers send their salaries back to the North Korean regime and sabotage their nominal employers. In September, cybersecurity firm Okta found that North Korea’s current worker scheme “threatens nearly every industry that hires remote talent.”
Read more at Foundation for Defense of Democracies