On 12 June 2018 President Trump met the North Korean leader Kim Jong-Un in what was seen as a historic move towards peace.

The US wanted denuclearisation by DPRK, the Democratic People’s Republic of Korea and Kim Jong-Un wanted sanction relief and international investment.

But on 6 September the FBI published charges against an alleged member of hacking group Lazarus for contributing to a series of cyber attacks worldwide. It is alleged that the group is backed by the North Korean government.

North Korea cryptocurrency hacks and cyber intrusions

Rafe Pilling, Senior Threat Intelligence Researcher at Secureworks Counter Threat Unit, said developments in North Korea’s nuclear programme or international relations will not change its agenda for cyber intrusions in the short term.

He added that while this specific indictment, “may appear largely symbolic, it demonstrates that nations cannot conduct these reckless acts of disruption without consequences”.

The Lazarus Group has been operating since 2009 when it is alleged to have infected US and South Korean websites with the MyDoom virus.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Now operations appear to have shifted to attacking financial institutions, to steal money to fund Kim Jong-Un’s regime, according to Pilling.

Pilling said: “North Korea has a range of illicit fund generation programmes of which cyber intrusions appear to be a significant component.

“While North Korea remains outside the normal diplomatic, trade and economic channels it is likely to continue pursuing all available options for the generation of revenue to support the government.”

Series of worldwide attacks linked to North Korea

One of Lazarus’s alleged attacks was the WannaCry ransomware virus in 2017 that infected computers in schools, hospitals and businesses in 150 countries.

It is also alleged to have been involved in the 2014 attack on Sony.

The Sony Pictures Entertainment hack was thought to be a North Korean state-sponsored attack, because the hackers wiped as well as stole data and exposed employee information.

Lazarus hackers appeared to be trying specifically to harm Sony employees after they released the Seth Rogen film about Kim Jong-Un, The Interview.

This year, in January, the North Korean hackers were linked to attacks on a South Korean cryptocurrency exchange called Coinlink.

The US cyber-security firm Recorded Future analysed the malware in this attack and saw similar types of codes used by Lazarus against Sony and in WannaCry.

US identifies Lazarus hacker in cyberattacks

Pilling said: “The US, working with international partners, has the ability to not just identify the nation responsible but the specific individuals that perpetrate costly and disruptive cyber-attacks.”

Lazarus apparently began attacking cryptocurrencies in 2017, stealing $7m from one of the world’s largest bitcoin exchanges, Bithumb.

An attack in December 2017 on South Korean bitcoin exchange YouBit mirrored the previous attacks, once again pointing at North Korea.

Ross Rustici, senior director of intelligence at Cybereason, said: “The DPRK’s interest in cryptocurrency is primarily driven by the sanctions regime it is operating under, both as a way to avoid losing funds to frozen accounts and as a way to generate currency to make up for the loss of revenue resulting from the enforcement of sanctions.”

But he claims that North Korea currently sees no incentive to stop what it views as a very successful hacking program.

He said: “The global community is fixated on missiles and nuclear weapons and hacking has largely been absent from the international conversation.

“Additionally, because of the punitive regime already in place, there is little that can be done to further deter North Korean action.”