North Korea denies $2.2bn state sponsored cyber-crime spree

News by SC Staff

North Korea has again denied allegations that the rogue state stole $2.2 billion (£1.8 billion) via cyber-crime, and described the claims as a "sheer lie," like Hitler's propaganda.

On Sunday KCNA, North Korea’s state news agency, issed a statement by a spokesperson from the National Coordination Committee of the DPRK for Anti-Money Laundering and Countering the Financing of Terrorism which denied allegations that North Korea "illegally forced the transfer of two billion US dollars needed for the development of WMD programmes by involving cyber-actors".

It adds: "Such a fabrication by the hostile forces is nothing but a sort of a nasty game aimed at tarnishing the image of our Republic and finding justification for sanctions and pressure campaign against the DPRK. A question being raised is on such fabricated information, unreasonably accusing us with no scientific ground, reflected even in the Midterm Report of the Panel of Experts of the Sanctions Committee against the DPRK, the UN Security Council, which we have never ever recognised."

It makes the UN/Hitler comparison saying: "the fabrication of such a sheer lie by the ringleaders of cyber crime and all other crimes is quite an absurd act aimed at re-enacting the same old trick as the Hitler fascist propagandists used to cling to, often saying ‘tell a lie a hundred times and it will pass as a truth."

Noneless, it is a viewpoint supported by most western commentators. In an email to SC Media UK, John Titmus, Director of EMEA, Crowdstrike referred to its own research as substansiating the UN claims, saying: "While the DPRK has issued a statement which denied the UN’s allegations that it amassed US$ 2 billion ($1.66 billion) through crypto-jacking, we’ve identified an ongoing trend of associated state actors targeting the global financial sector.

"Our most recent Global Threat report assessed that a DPRK-based group known as ‘Stardust Chollima’ carried out theft-of-funds operations in multiple Latin American countries including Mexico, Costa Rica, Chile and Argentina. ‘Stardust Chollima’ has also been associated with attacks against financial institutions in Asia and Africa in 2018. In 2018, another group known as ‘Labyrinth Chollima’ continued to use cryptocurrency-themed lures to attack the financial sector, a trend first observed in mid-2017. 

"The continued targeting of the financial sector by DPRK actors is assessed to align with the DPRK’s recent national policy shift from "Byungjin" — the dual-track policy aimed at nuclearisation and economic growth. Previous cyber-enabled criminal operations by the DPRK aimed at currency generation have likely been viewed as successful by the regime and, as such, will likely continue to be a priority in DPRK cyber-operations in the near future."

Last August SC reported how North Korea was accussed of hacking cryptocurrency exchanges to fund Weapons of Mass Destruction programmes. According to a UN report leaked to AP and Reuters, "Democratic People’s Republic of Korea cyber-actors, many operating under the direction of the Reconnaissance General Bureau, raise money for its WMD (weapons of mass destruction) programmes, with total proceeds to date estimated at up to two billion US dollars."  It also said that North Korea hit the South Korean exchange Bithumb and stole around US$ 65 million (£54 million). 

Group-IB has suggested that a cyber-crime group which it called Lazarus, and believes to be North Korean, is responsible for US$ 571 (£473 million) of the US$ 882 million (£731 million) crypto currency stolen from exchanges up to early 2018.  Even earlier, the Lazarus group was believed to be behind an US$ 81 million (£67 million) cyber-heist at the Bangladesh central bank.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews