
North Korea’s Cyber Crime Spree: Kim Jong Un’s Hacker Unit Steals Billions, Part 1

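Where does the funding for North Korea's nuclear weapons and missiles come from? Kim Jong Un's 'favorite' hacker unit 'stole' 4.17 trillion won over three years [Reporter Lee Hyun-ho's Military! Talk]
Screenshot from the IT news outlet BleepingComputer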

There is a notorious organization in the cyber world known as “Andariel,” a specialized hacker unit from North Korea that is infamous for financial crimes. But that’s not all. North Korea has other infamous world-class hacker units, such as “Kimsuky,” “Lazarus,” and “BlueNoroff.” Last year, Andariel gained notoriety by hacking dozens of South Korean defense companies and stealing 1.2TB of key technical data.

As such, it has been revealed that North Korea has stolen trillions of won in virtual assets by upgrading its hacking technology to procure funds for the development of nuclear weapons and weapons of mass destruction (WMD).

The “2024 National Risk Assessments for Money Laundering, Terrorist Financing, and Proliferation Financing,” announced by the U.S. Department of the Treasury on the 7th (local time), reported, “North Korea is cleverly seizing virtual assets to raise funds needed for weapons of mass destruction (WMD),” and “They are earning massive income by stealing from legal currency and virtual assets, including hacking attacks on virtual assets and virtual asset service providers (VASPs) and ransomware attacks (malicious software that invades computers and networks, encrypts or blocks access, and demands ransom).”

North Korea dispatches IT personnel abroad for predatory cyber activities

So, how much does North Korea steal in virtual assets?

Citing a report submitted to the UN Security Council (UNSC) Sanctions Committee on North Korea by the Expert Panel of the UNSC last August, the U.S. Treasury Department announced, “North Korean hackers are estimated to have raised $1.7 billion in virtual assets through cyber theft in 2022,” surpassing previous records. Last year, it was $1 billion; in 2021, it was $429 million, totaling $3.129 billion stolen over three years.

“They even send IT personnel abroad to continue their predatory cyber activities,” the U.S. Treasury Department pointed out. “They use fraudulent means to contract on digital platforms while hiding their identity.” This indicates that they are working remotely while concealing their nationality and identity, which is why it is believed that North Korea is making foreign currency through cyberattacks targeting the world.

Another risk assessment report on money laundering warned that “a significant portion of recent ransomware incidents have been linked to cybercrime organizations that North Korea offers safe havens through ties to Russia” and that collaboration between North Korea and Russia in cybercrimes is rapidly increasing.

A North Korean student is learning computers at the Pyongyang Mangyongdae School Children’s Palace. Being a hacker is a popular job among North Korean youth. Yonhap News

It is well known that North Korea is using the virtual assets it has stolen as a source of funds for the development of nuclear weapons, missiles, etc. Therefore, with the recent expansion of its hacking targets, countermeasures are urgently needed.

“North Korean hackers continue to succeed in attacks targeting international virtual assets and other financial transaction methods, but it is not easy for countries to block them,” IT experts say. “Recently, they are expanding their targets to foreign virtual currencies and defense, energy, and health sector companies.”

Anne Neuberger, Deputy Assistant to the National Security Council (NSC) for Cyber and Emerging Technology, said in a December 2018 interview with Politico, a political news outlet, “The top priority of the U.S. in responding to North Korea’s cyber attacks is to eradicate the thefts of virtual assets.”

In particular, Neuberger expressed concern that because the virtual asset field is growing rapidly while having virtually no regulation and weak security, virtual assets are becoming easy prey for North Korean hackers, and that the targets of predatory cyber attacks have recently been increasing.

Thus, the top U.S. cyber command views North Korea’s escalating malicious cyber activities with a significantly heightened sense of crisis.

Since 2006, North Korea has been under UN Security Council sanctions related to nuclear and missile development. In addition, South Korea, the U.S., and Japan are operating a tripartite cooperation body to prevent North Korea’s virtual asset hacking. Because of this, North Korea’s hacker units’ IT personnel modified their tactics to conduct activities abroad while hiding their identities.

Part 2…
Part 3…

Eugene Park's Profile image