Introduction: “A Criminal Syndicate with a Flag”

Over the last decade, financially motivated operations have come to play a central role in North Korea’s cyber strategy. The illicit revenue those operations generate helps blunt the impact of tough global sanctions and supports the regime’s ballistic-missile and nuclear-weapons programs. It can enable the procurement of banned military or dual-use technology as well as luxury goods for Pyongyang elites. Profits from computerized theft are also believed to help fund other components of North Korea’s cyber program, from hacker training to tooling development to non-remunerative campaigns designed to gather intelligence or cause destruction. Crucially, as Daniel Pinkston has written, “cybercrime offers remote access to illicit revenue without the risks of being detained and prosecuted abroad.” The sharply increasing pace and scale of North Korean financially motivated operations since the early 2010s reflects their growing importance in Pyongyang’s cyber arsenal.

North Korean financially motivated hackers often behave in cyberspace more like criminals than traditional state actors. Most governments concentrate their offensive cyber resources on espionage, sabotage, and information campaigns that might involve stealing military secrets or strategically leaking documents from foreign political parties. Pyongyang participates actively in those sorts of activities – the theft of classified U.S.-South Korean war plans and the attack on Sony Pictures Entertainment (SPE) come to mind – but additionally devotes significant resources to illicit revenue generation via theft. In the latter regard, North Korea is believed to be unique among states. Considered alongside cybercriminals, however, North Korea’s behavior becomes more familiar. Its opportunistic targeting of financial institutions, engaging in “big-game hunting” as well as petty e-crime, and enlistment of “money mules” to launder profits all mirror common criminal tactics. State-sponsored or not, specialized tools designed to exploit a bank network or steal credit card information from an e-commerce site are criminal in nature. FireEye notes that if not for the North Korean threat cluster APT38’s government backing, the group might have been better categorized as a “FIN” outfit. For analytical purposes, North Korean financially motivated operations should be viewed dually through the lenses of criminality and statecraft. “Simply put,” the former Assistant Attorney General for National Security John Demers remarked in February 2021, “the regime has become a criminal syndicate with a flag.”

Collaboration with foreign groups has long been a key feature of Pyongyang’s criminal initiatives in the physical world, and cyberspace is no exception. Just as North Korean smugglers have relied on organized crime syndicates like the Japanese Yakuza to traffic narcotics and launder money in the physical world, North Korean hackers appear to have engaged in cyberspace with foreign criminals to obtain advanced tools and organize collection of in-country payouts.