The U.S. Department of State, the Department of Treasury, the DHS, and the FBI have issued a joint advisory that provides guidance on North Korean hacking activity and includes measures for the international community, network defenders, and the public to mitigate the threat.
“Under the pressure of robust U.S. and UN sanctions, the DPRK has increasingly relied on illicit activities – including cybercrime – to generate revenue for its weapons of mass destruction and ballistic missile programs. In particular, the United States is deeply concerned about North Korea’s malicious cyber activities, which the U.S. government refers to as HIDDEN COBRA. The DPRK has the capability to conduct disruptive or destructive cyber activities affecting U.S. critical infrastructure. The DPRK also uses cyber capabilities to steal from financial institutions, and has demonstrated a pattern of disruptive and harmful cyber activity that is wholly inconsistent with the growing international consensus on what constitutes responsible State behavior in cyberspace,” the advisory said.
The authorities said that North Korean state-sponsored hacker groups mostly consist of hackers, cryptologists, and software developers who engage in cyber espionage campaigns, target financial institutions and digital currency exchanges in order to steal money, and conduct politically-motivated operations against foreign media companies.
The observed tactics include:
Cyber-enabled financial theft and money laundering
Extortion campaigns
Cryptojacking
According to the advisory, North Korean threat actors have also acted as hackers-for-hire, hacking websites and extorting victims for third-party clients.
The US government has offered a reward of up to $5M for information related to North Korean hacking activity, including past or ongoing operations. The authorities have also warned that individuals and entities involved in or supporting DPRK cyber activity might face the consequences of engaging in illicit activities, including sanctions and seizure of funds and assets.