SIM Report: Northeast Asia, Issue 6
The US Department of Justice (DOJ) has charged two Chinese nationals with 'money laundering conspiracy and operating an unlicensed money transmitting business.' The accused allegedly laundered over USD100 million worth of stolen cryptocurrency for a North Korea-linked hacking group. According to DOJ documents released on 2 March, the illegal proceeds came from a USD250m theft from two different unidentified cryptocurrency exchanges that were hacked by Lazarus Group, a North Korean regime-linked cyber-threat group.
The cybercrime syndicate stole the money in 2018 after a staff member fell victim to a phishing attack, downloading malware in an email that allowed Lazarus Group access to cryptocurrency, private keys, and further customer data, according to the US treasury department. The threat actor used the keys to steal the funds, which comprised almost half of North Korea’s estimated cryptocurrency thefts in 2018. The treasury department also sanctioned the accused for helping Lazarus Group, which is subject to US sanctions. The US treasury department sanctioned Lazarus Group and two other North Korean hacker groups in September 2019. The measure followed a UN report in August 2019 which estimated that North Korea has accumulated approximately USD2 billion via ‘increasingly sophisticated attacks’ targeting cryptocurrency exchanges and other financial institutions in order to fund its weapons of mass destruction programmes.
The money laundering methods outlined by the justice department indicate a high degree of sophistication. The accused employed 113 virtual currency addresses and accounts, masking transactions via transfers to multiple Chinese bank accounts and prepaid Apple iTunes gift cards. The US has taken actions against Chinese banks such as Bank of Dandong, which it sanctioned in 2017, over alleged business ties to the North Korean regime. The indictment is an unprecedented move by Washington in combating North Korea’s cyberattacks on cryptocurrency exchanges and other financial institutions to finance its weapons programmes. Cryptocurrency exchanges are especially vulnerable due to the anonymity of virtual assets and lax regulations in some jurisdictions. Hacks by North Korea-linked cybercriminals on cryptocurrency exchanges have demonstrated increasing complexity. A report by US-based cryptocurrency firm Chainalysis recently said that Lazarus Group in March 2019 conducted a cyberattack on the Singapore-based DragonEx cryptocurrency exchange and stole USD7 million worth of virtual assets. The cybercriminal syndicate created a hoax online business, approached high-ranking DragonEx staff and gave them a free trial of an automated cryptocurrency trading bot, which granted the attackers access to their computers and allowed them to steal large amounts of money.
Cyberthefts by North Korean hacker groups have increased in tandem with ever-tightening sanctions on North Korea, including sanctions in January 2020 on entities accused of exporting North Korean labour abroad. A 2017 UN resolution called on members to repatriate all North Koreans by 22 December 2019, with some exceptions. According to a February 2020 report by US-based cybersecurity firm Recorded Future’s Insikt Group, internet activity in North Korea has surged 300 per cent since 2017. Cyberattacks are almost certain to remain a tool in Pyongyang’s arsenal of asymmetrical warfare strategies aimed at circumventing sanctions. Cyberattacks may increase in the short-to-medium term should the coronavirus (COVID-19) become a significant public health risk in the hermit kingdom, as the regime would likely impose mobility restrictions that limit economic activity. North Korea shares a porous border with China, the epicentre of COVID-19, and North Korea monitoring groups claiming to have inside sources have said that there are cases in the country, despite Pyongyang’s official stance that there are none.