UN report unravels North Korea’s involvement in cryptocurrency-related attacks

• The panel report also mentions a total loss of $571 million as a result of the cyber attacks.
• It is reported that the attacker groups were sponsored by the Democratic People’s Republic of Korea (DPRK).

A new report by a panel of experts from The United Nations (UN) Security Council has shown that North Korea was responsible for a string of cyber attacks that happened last year. The attacks specifically targeted multiple cryptocurrency exchanges.

The report emphasizes that the North Korea-sponsored attacker groups mainly carried out on crypto to avoid being tracked by authorities.

The big picture

• As per the report, at least five attacks were perpetrated against cryptocurrency exchanges sometime between January 2017 and September 2018.
• The attacks resulted in a loss of around $571 million.
• The majority ($534 million) of this stolen amount was from the Coincheck hack witnessed in 2018.
• The attacks are attributed to the infamous Lazarus group with a possibility of affiliations with other groups.
• The UN panel also pointed out that the country’s Reconnaissance General Bureau (RGB) was supporting other cybercrime activities.

Why it matters - The UN report highlighted how these attacks helped the North Korean government avoid legal barriers in financial transactions.

“Cyberattacks by the Democratic People’s Republic of Korea to illegally force the transfer of funds have become an important tool in the evasion of sanctions and have grown in sophistication and scale since 2016,” the report mentioned.

Apart from cryptocurrency exchanges, other attacks were also directed at financial institutions on an international level with advanced techniques.

“What stands out [from the report] are the amounts of money involved and the sheer scope of the operations, [which are] highly coordinated and disciplined. The ability to breach banking security is extremely worrying and raises broader questions,” Hugh Griffiths of the UN panel told CyberScoop.