U.S. Offers Rewards up to $5 Million for Information on North Korean Hackers

The United States agencies today released a joint
advisory^[1] warning the world about
the ‘significant cyber threat’ posed by North Korean
state-sponsored hackers to the global banking and financial
institutions.

Besides a summary of recent cyberattacks attributed to North
Korean hackers, the advisory—issued by U.S. Departments of State,
the Treasury, and Homeland Security, and the FBI—also contains a
comprehensive guide intends to help the international community,
industries, and other governments defend against North Korea’s
illicit activities.

“In particular, the United States is deeply concerned about
North Korea’s malicious cyber activities, which the U.S. government
refers to as HIDDEN COBRA. The DPRK has the capability to conduct
disruptive or destructive cyber activities affecting U.S. critical
infrastructure,” the advisory says.
^[2]

“The DPRK also uses cyber capabilities to steal from financial
institutions, and has demonstrated a pattern of disruptive and
harmful cyber activity that is wholly inconsistent with the growing
international consensus on what constitutes responsible state
behavior in cyberspace.”

Notably, it also mentioned that the U.S. government is now
offering a monetary reward of up to $5 million to anyone who can
share ‘information about illicit North Korea’s activities in
cyberspace,’ including past or ongoing hacking operations.

The well-known North Korea hacking group out of all is the
Lazarus group, also known as Hidden Cobra and
Guardians of Peace, that has been linked to several high-profile
disruptive and espionage-related cyberattacks.

The first part of the report lists a broad categorization of
cyber activities targeting financial institutions through which
North Korea generates revenue while bypassing sanctions imposed by
the UN Security Council.

This list includes:

• Cyber activities to steal money from financial institutions and
  digital currency exchanges,
• Using digital means to illegally launder funds through multiple
  jurisdictions,
• Cyber attacks to conduct extortion campaigns against
  third-country entities,
• Using Cryptojacking
  malware^[4] against victims from
  other countries and abusing their
  systems^[5] to mine digital
  currencies.

According to the United States, North Korea has attempted to
steal as much as $2 billion through these malicious cyber
activities.

“North Korea targets cyber-enabled infrastructure globally to
generate revenue for its regime priorities, including its weapons
of mass destruction programs,” the U.S. government said.

“They develop and deploy a wide range of malware tools around
the world to enable these activities and have grown increasingly
sophisticated.”

Last year September, the United States Treasury Department also
issued sanctions against
three North Korean hacking groups^[6]
for conducting several destructive cyberattacks on the U.S.
critical infrastructure.

The next part of the latest advisory lists some of the
well-known cyberattacks publicly attributed to North Korean
nation-state attackers, including:

“The DPRK has repeatedly targeted the U.S. and other government
and military networks, as well as networks related to private
entities and critical infrastructure, to steal data and conduct
disruptive and destructive cyber activities,” the advisory
says.

In brief, the United States believes North Korea has developed a
robust military-style offensive cyber operation capability that can
be used to conduct more disruptive or destructive attacks against
its critical infrastructures.