681. Following the Crypto: Using Blockchain Analysis to Assess the Strengths and Vulnerabilities of North Korean Hackers
- Author:
- Jason Bartlett
- Publication Date:
- 02-2022
- Content Type:
- Special Report
- Institution:
- Center for a New American Security (CNAS)
- Abstract:
- Under heavy and sustained pressure from decades of economic sanctions, North Korea has rapidly expanded its illicit activity within the cyber domain. In particular, Pyongyang has demonstrated an increasing interest in using evolving financial platforms, such as cryptocurrency and blockchain technology, to compensate for the fiscal losses related to economic sanctions on more traditional forms of commercial activity. Since 2014, the Pyongyang-led cybercrime organization known as the Lazarus Group has transformed from a rogue team of hackers to a masterful army of cybercriminals and foreign affiliates, capable of compromising major national financial networks and stealing hundreds of millions of dollars’ worth of virtual assets. The international community and national governments often incorrectly correlate North Korea’s lack of access to modern computer hardware within its borders to its ability to successfully execute software-reliant cyberattacks. While Beijing and Moscow captivate the attention of most democratic governments concerned about pending cyber intrusions, Pyongyang continues to defy miscalculated expectations by successfully employing myriad sophisticated cyberattacks that target new and developing financial technology. North Korea will likely continue to adapt its cybercrime tactics targeting cryptocurrency to circumvent obstacles presented by economic sanctions on more traditional forms of financial activity and commerce. This report provides in-depth analysis of North Korea’s demonstrated ability to exploit financial technologies, in particular cryptocurrencies and blockchain technology, to procure funds for its illicit nuclear and ballistic weapons development programs. This research was supported through blockchain analysis conducted in partnership with TRM Labs, a leading blockchain intelligence firm that seeks to monitor, investigate, and mitigate crypto fraud and financial crime. Through analyzing three case studies of major North Korean hacks, this report outlines key strengths and vulnerabilities in the Lazarus Group’s campaigns to infiltrate cryptocurrency exchanges and steal, launder, and liquidate funds. The report also provides a snapshot of key policy oversights within the regulatory environment in the crypto space of central stakeholders and countries, such as China, the United States, and South Korea. Lastly, this study offers a prospective look into the future of North Korea–led crypto hacks and provides a series of policy recommendations to strengthen cyber resilience against these efforts.
- Topic:
- Science and Technology, Sanctions, Cybersecurity, and Blockchain
- Political Geography:
- Asia and North Korea