On 12 June 2018 President Trump met the North Korean leader Kim Jong-Un in what was seen as a historic move towards peace.
The US wanted denuclearisation by the DPRK (the Democratic People’s Republic of Korea), while Kim Jong-Un wanted sanctions relief and international investment.
But on 6 September the FBI published charges against an alleged member of hacking group Lazarus for contributing to a series of cyber attacks worldwide. It is alleged that the group is backed by the North Korean government.
North Korea cryptocurrency hacks and cyber intrusions
Rafe Pilling, Senior Threat Intelligence Researcher at Secureworks Counter Threat Unit, said developments in North Korea’s nuclear programme or international relations will not change its agenda for cyber intrusions in the short term.
He added that while this specific indictment “may appear largely symbolic, it demonstrates that nations cannot conduct these reckless acts of disruption without consequences”.
The Lazarus Group has been operating since 2009, when it is alleged to have infected US and South Korean websites with the MyDoom virus.
Now operations appear to have shifted to attacking financial institutions, to steal money to fund Kim Jong-Un’s regime, according to Pilling.
Pilling said: “North Korea has a range of illicit fund generation programmes of which cyber intrusions appear to be a significant component.
“While North Korea remains outside the normal diplomatic, trade and economic channels it is likely to continue pursuing all available options for the generation of revenue to support the government.”
Series of worldwide attacks linked to North Korea
One of Lazarus’s alleged attacks was the WannaCry ransomware virus in 2017 that infected computers in schools, hospitals and businesses in 150 countries.
It is also alleged to have been involved in the 2014 attack on Sony.
The Sony Pictures Entertainment hack was thought to be a North Korean state-sponsored attack, because the hackers wiped as well as stole data and exposed employee information.
Lazarus hackers appeared to be trying specifically to harm Sony employees after the company released the Seth Rogen film about Kim Jong-Un, The Interview.
This year, in January, the North Korean hackers were linked to attacks on a South Korean cryptocurrency exchange called Coinlink.
The US cyber-security firm Recorded Future analysed the malware in this attack and saw code similar to that used by Lazarus against Sony and in WannaCry.
US identifies Lazarus hacker in cyberattacks
Pilling said: “The US, working with international partners, has the ability to not just identify the nation responsible but the specific individuals that perpetrate costly and disruptive cyber-attacks.”
Lazarus apparently began attacking cryptocurrencies in 2017, stealing $7m from one of the world’s largest bitcoin exchanges, Bithumb.
An attack in December 2017 on South Korean bitcoin exchange YouBit mirrored the previous attacks, once again pointing at North Korea.
Ross Rustici, senior director of intelligence at Cybereason, said: “The DPRK’s interest in cryptocurrency is primarily driven by the sanctions regime it is operating under, both as a way to avoid losing funds to frozen accounts and as a way to generate currency to make up for the loss of revenue resulting from the enforcement of sanctions.”
But he claims that North Korea currently sees no incentive to stop what it views as a very successful hacking program.
He said: “The global community is fixated on missiles and nuclear weapons, and hacking has largely been absent from the international conversation.
“Additionally, because of the punitive regime already in place, there is little that can be done to further deter North Korean action.”