US authorities believe North Korea targets critical infrastructure with ransomware and funnels the ransom money into funding Pyongyang’s policies.
North Korea employs offensive cyber operations that target the healthcare and public health sectors with ransomware. The proceeds, mostly in cryptocurrency, are later used to fund additional offensive policies of the Democratic People’s Republic of Korea (DPRK).
“[…] unspecified amount of revenue from these cryptocurrency operations supports DPRK national-level priorities and objectives, including cyber operations targeting the United States and South Korea governments,” reads CISA’s alert.
CISA, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and South Korea’s Defense Security Agency and National Intelligence Service advise victims against succumbing to ransom demands as paying up rarely guarantees attackers will decrypt files.
Public sector organizations are far from the only targets of DPRK-based state-sponsored threat actors. North Korean hackers were behind some of the largest crypto heists in history.
For example, the FBI has confirmed that the DPRK hacker collective dubbed the Lazarus Group was behind the theft of around $100 million from the Horizon bridge.
Last year, the North Korea-linked collective focused on the Decentralized Finance (DeFi) industry and cross-chain bridges. The US Treasury also pinned the $625 million Ronin Bridge hack on the group.
According to a US Army report, around 6,000 hackers allegedly work for the state and operate in over 150 countries. A tenth of North Korea’s gross domestic product stems from cybercrime – specifically, fraud, theft, and ransomware.
“Simply put,” the former US Assistant Attorney General for National Security John Demers remarked in February 2021, “the regime has become a criminal syndicate with a flag.”