The UN Says That North Korea Is About To Escalate Their Cybercrime Activities To Power Their Nuclear Program

Reuters is reporting on a new confidential UN report outlining fresh preparations for nuclear weapons testing in North Korea. The report cites previous concerns from the UN around cybercrime being a key revenue stream for North Korea’s weapons program:

The U.N. monitors also said investigations had shown Pyongyang was to blame for stealing hundreds of millions of dollars worth of crypto assets in at least one major hack. The monitors have previously accused North Korea of carrying out cyber attacks to fund its nuclear and missile programs.

“Other cyber activity focusing on stealing information and more traditional means of obtaining information and materials of value to DPRK’s prohibited programmes, including WMD (weapons of mass destruction), continued,” the monitors wrote.

Kevin Bocek, VP Security Strategy and Threat Intelligence at Venafi had this comment:

“The latest report from the United Nations on North Korean nuclear tests should sound the klaxon of alarm for Western businesses, especially as it specifically mentions cyberattacks being a key source of funding. Our research shows that the proceeds of cybercriminal activities from infamous groups such as Lazarus and APT38 are being used to circumvent international sanctions in North Korea. This money is being funnelled directly into weapons programs. And because developing nuclear weapons is expensive, especially in the face of rising inflation and the cryptocurrency crash, companies should be on high alert that the DPRK will be looking to cash in now and help feed their weapons programs and fund ongoing weapon development.” 

“A key component of North Korean nation state attacks are code signing machine identities, which have become the modus operandi for many of its cybercrime groups. These digital certificates are the keys to the castle, securing communication between machines of all kinds, from servers to applications, Kubernetes clusters and microservices. We’ve seen countless times how North Korean hackers use stolen certificates to access networks, passing malicious software off as legitimate and enabling them to launch devastating supply chain attacks. Incidents such as the 2014 Sony Hack, or the $101 million heist of the Bangladesh Bank via the SWIFT banking system, have demonstrated North Korea’s long standing interest in the malicious use of machine identities. While the latest UN report is an important step in broadcasting this issue to the world, we still need to see governments and businesses act together and share intelligence on these attacks. This will be key to building knowledge on the importance of machine identities in security. If not, we’ll continue to see North Korean threat actors thrive.”

I think it’s safe to say that businesses have a new reason to make sure that their cyber defences are on point. The North Koreans have been extremely active threat actors in the past. And based on this report, they’re about to get a whole lot more active. Which is bad news for the rest of us.

Leave a Reply

%d bloggers like this: