The United States government, in a new warning on Wednesday, outlined an aggressive set of countermeasures it said could stymie North Korea’s highly lucrative and often cryptocurrency-dependent global cybercrime campaigns.
Pointing to a laundry list of cyber assaults allegedly initiated by North Korean state actors, the U.S. departments of State, Treasury and Homeland Security plus the Federal Bureau of Investigation (FBI) argued that cutting the Hermit Kingdom’s money flow – said to be billions of dollars raised over the past two years including $1.5 billion in crypto – is vital to stopping the rogue regime’s development of weapons of mass destruction.
“We strongly urge governments, industry, civil society and individuals to take all relevant actions” to stop future attacks from occurring, the agencies said. This includes implementing tough anti-money-laundering frameworks for digital currency, expelling North Korean IT workers, following best cyber practices, and communicating with law enforcement.
Together, these steps could help mitigate a threat the U.S. government is calling “Hidden Cobra.” The crypto focus of this criminal pattern of activity dates back to at least May 2017, when the WannaCry ransomware attack infected hundreds of thousands of computers and demanded bitcoin as ransom. World governments have blamed North Koreans for the hack.
Since then, the U.S. agencies assert, Hidden Cobra’s perpetrators have mounted increasingly sophisticated and diverse cyber campaigns – including multiple plots entirely dependent on digital currency. Cryptojacking has collectively raised $25,000 in monero and money laundering has washed hundreds of millions in stolen exchange funds that would otherwise have fallen under sanctions.
Those campaigns are only expected to rise in prominence. The country is expected to boost its monero activities in 2020 and its $1.5 billion crypto money laundering network is also believed to be ongoing.
“The DPRK also uses cyber capabilities to steal from financial institutions, and has demonstrated a pattern of disruptive and harmful cyber activity that is wholly inconsistent” with international cyberspace norms, according to the U.S. agencies.
U.S. officials have maintained a zero-tolerance policy for even the appearance of assisting the North’s crypto operations. Virgil Griffith, an Ethereum developer, was indicted in early 2020 for attending a North Korean crypto conference where he is accused of describing how blockchain systems can be used to evade sanctions.