1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites

North Korea cyberattacks net $2 billion

Wesley Rahn with Reuters
August 6, 2019

North Korea has been supporting its weapons program using sophisticated cyberattacks to hack banks and cryptocurrency exchanges. The attacks are reportedly getting more sophisticated and harder to trace.

Computer hardware
Image: picture-alliance/picturedesk.com/H. Ringhofer

North Korea is using cyberattacks on banks and cryptocurrency exchanges to fund its weapons programs, according to a UN Security Council report seen by Reuters news agency on Monday.

The report, compiled by independent experts monitoring Pyongyang's compliance with international sanctions over the past six months, said that North Korea is carrying out "widespread and increasingly sophisticated" cyberattacks. The experts say these measures have so far netted the rogue state over $2 billion (€1.7 billion).

The report also said that North Korea is using "increasingly sophisticated attacks to steal funds from financial institutions and cryptocurrency exchanges to generate income."

At least 35 reported instances in 17 countries of North Korea-affiliated actors attacking financial institutions and cryptocurrency exchanges are currently under investigation, according to the report. 

Using cyberattacks allows North Korea to "generate income in ways that are harder to trace and subject to less government oversight and regulation than the traditional banking sector."

North Korea is cut off from conventional revenue sources by UN sanctions and is forbidden from exporting coal, iron, lead, textiles and seafood. 

Read more: China's Xi in North Korea: It's the economy

'Do not underestimate' North Korea 

According to a another report on North Korea's cyber operations released Monday by 38 North, a North Korea think tank based in Washington, the cyber capabilities of the North Korean government "should not be underestimated."

The 38 North report said that although cyberattacks can be difficult to trace, an "identifiable signature" can be used to link an attack to North Korea.

"The industry knows the architecture of North Korean cyber activities quite well and the DPRK generally doesn't try that hard to obscure their operations, " said the report, referring to the Democratic People's Republic of Korea, the country's official name.

Read more: North Korea missile launches a 'solemn warning' — state media

Hacking for Germany

Who is behind the hacking? 

A North Korea-linked group of hackers known as Lazarus is suspected by experts of being behind several cyberattacks in recent years.

One high-profile cyber heist linked to Lazarus was the theft of $81 million (€72 million) from the account of the Bangladesh central bank at the Federal Reserve Bank of New York in February 2016.

In 2017, $60 million was stolen from Taiwan's Far Eastern bank after the bank's computer systems were attacked by malware, which, according to analysts, is similar to that used in other Lazarus hacks.

Read more: North Korea's murky links to international cybercrime

The type of malware used by Lazarus was also linked to the 2014 Sony hack, which erased the entertainment company's servers and cost it at least $15 million. The US Federal Bureau of Investigation (FBI) blamed the attack on North Korea. 

"North Korea has used crime to support the Kim family's expensive tastes and the DPRK's weapons of mass destruction program for decades. The DPRK has merely turned state-run criminal enterprises to cybercrime," James Lewis, an international cybersecurity expert at the Center for Strategic and International Studies (CSIS), told DW.

DW sends out a selection of the day's news and features. Sign up here.

Wesley Rahn Editor and reporter focusing on geopolitics and Asia