365 days a year: solutions, knowledge and networking.
Find and offer innovative IT security solutions, take part in our diverse action program and make and maintain contacts.
Become part of the it-sa 365 community!
So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.
So that you can make an onsite appointment, the appointment request will open in a new tab.
When states carry out cyber attacks, they are usually for sabotage or espionage. However, there is at least one country that uses cybercrime to rehabilitate its ailing finances. For North Korea, cybercrime seems to have become a lucrative business.
Among the main players in cybercrime is a country that otherwise plays a rather unimportant role. North Korea balances its national budget to a considerable extent with loot from cybercrime.
The small country on the border with China has just 25 million inhabitants and a ridiculously low economic power. The United Nations estimates that North Korea's per capita gross domestic product of USD 600 is only one fortieth of that of South Korea. Yet when it comes to cybercrime, North Korea is one of the global players. Although the country has only a few hundred IP numbers, "western security agencies and IT security companies consider it one of the world's top four nation-state cyberthreats, along with China, Russia and Iran", writes the online magazine ArsTechnica. The country's primary concern is neither sabotage nor espionage, but simply money. The US magazine New Yorker describes these activities as follows: "North Korea's cybercrime programme is a hydra whose tactics range from bank robberies to the use of ransomware to the theft of cryptocurrencies from online exchanges.
For the small country, cybercrime is a way to obtain urgently needed foreign currency. North Korea is said to have looted up to two billion US dollars in 2022 alone. The focus is now on cryptocurrencies such as Bitcoin or Ethereum. Last year, about as much cryptocurrency was obtained as in the previous years combined.
An internal UN report, quoted by various media outlets, reveals these and other details of North Korean cyber activities. According to the report, the captured sums are used in particular to finance nuclear weapons and missile programmes. As early as 2019, UN sanctions monitors reported that North Korea generated an estimated two billion US dollars over several years for its weapons of mass destruction programmes through widespread and increasingly sophisticated cyberattacks. The US-based blockchain analytics firm Chainalysis' assessment of this is that "it is not an exaggeration to say that cryptocurrency hacking is a significant part of the national economy". According to ArsTechnica, the father of the incumbent leader, Kim Jong Il, is quoted in a book published by the North Korean army as saying: "If the internet is like a weapon, cyber attacks are like atomic bombs".
While it is estimated that only less than one per cent of the North Korean population has restricted and closely monitored access to the internet, potential members of the estimated 7,000-strong cyber army are identified as early as school. Gifted talents are selected and then trained in elite government institutions. With some of them also receiving training in China and other countries, where they gain additional experience and learn to speak English perfectly. Security specialist and vice-president at Chainalysis, Erin Plante, says: "They train people who show the first signs of cyber competence and send them to other places around the world to integrate them into organisations and into society and culture. There are these hacker cells all over Asia-Pacific that are merging with the rest of the tech community."
According to information from the New Yorker, the best hackers who were involved in scams in which millions of US dollars worth of foreign currency were captured would be rewarded with cars or comfortable houses, as well as similar material benefits. Such values are unattainable for ordinary citizens of North Korea, that's why they are dubbed "special gifts from Kim Jong Un", the North Korean leader.
Experts expect North Korean hackers to increase their attempts to steal advanced South Korean technologies and confidential information on South Korean foreign policy and national security strategies through cyberattacks this year. Therefore in December last year, high-level diplomats from the United States, South Korea and Japan agreed to step up efforts to curb illegal North Korean cyber activities. Details of this have not yet been disclosed.
North Korean hackers are currently increasingly attacking targets in Germany. For example, Google Chrome users are being tricked into installing a browser extension. However, this extension is only used to capture access data, especially for email accounts. With the help of these account data, the attackers try, among other things, to install a malicious app on the smartphone. For this purpose, a test group is initiated to which attacked users are added. It is then possible to install contaminated apps on other devices without being noticed and without manual intervention. This is the result of a warning issued by the Federal Office for the Protection of the Constitution (BfV), where further details on the attacks can also be found.
Author: Uwe Sievers
