SALT LAKE CITY – June 24, 2021 — North Korea is successfully pioneering a new model of state-sponsored cybercrime that could create a dangerous blueprint for other rogue states to follow, researchers from Venafi®, the inventor and leading provider of machine identity management, warned today. Venafi’s threat intelligence specialists analyzed publicly available information on North Korean-sponsored cybercriminal groups – such as Lazarus and APT38 – and their methods over the past four years to gain insights into how these groups operate – noting the differences between the actions of threat actors from a rogue state and those that are somewhat confined by international law.
Venafi researchers have concluded that cybercrime has become a primary means of revenue generation for North Korea, helping the state to work outside international sanctions. Some estimates suggest that cybercrime profits for North Korea may amount to as much as $1 billion each year. According to the UN Security Council as much $2 billion is already making its way directly into the nation’s weapons programme. In addition, funds generated by cybercrime support the North Korean economy, countering the impact of economic sanctions. As such, cybercrime is essential to the ongoing survival of the Kim Jong Un dictatorship – a regime that has been accused of widespread human rights abuses and nuclear proliferation, threatening others in the region and the wider global community.
The cybercrime model of North Korea could create a blueprint for other nations to develop similar programs. Without international action, Venafi warns that this could result in escalating cyber guerrilla warfare, putting all nations at significant risk.
“The world needs to start taking this threat more seriously,” said Yana Blachman, threat intelligence specialist at Venafi. “North Korean attacks are often more brazen and reckless than those sponsored by other states because they are not afraid of getting caught – this makes them particularly dangerous. North Korea gives the cybercriminals it sponsors free reign to engage in highly destructive, global attacks, such as the 2017 attacks on Windows users worldwide that used the WannaCry ransomware, which affected more than 200,000 users across at least 150 countries. North Korea is setting an example that other rogue states can follow; states such as Belarus and even Myanmar can see that cybercrime offers them a way of countering the worst effects of sanctions, while making themselves more of a threat to the wider community.”
North Korea sponsors criminal groups such as Lazarus and APT38 through its military-affiliated ‘Reconnaissance General Bureau’ (RGB). These groups are known to target business and governments worldwide via methods such as ATM cashout schemes, cryptomining and cryptocurrency theft, and even cyber bank heists. For example, the $101 million heist of the Bangladesh Bank via the SWIFT banking system was carried out by North Korea.Several of these attacks are characterised by their use of code signing certificates, which serve as machine identities making it possible for businesses to trust the software they use.
“North Korea’s use of code signing machine identities makes its attacks particularly hard to defend against,” continued Blachman. “Stealing code-signing machine identities equips North Korean cybercriminals with the ability to pass off their own malicious software as legitimate software from a genuine developer. It also enables them to execute devastating supply chain attacks. The problem is that there’s currently not enough awareness and security around the importance of machine identities. This lack of focus allows North Korean cybercriminals to take advantage of a serious blindspot in software supply chain attacks. Without more co-ordination and collaboration among businesses and governments to address the tactics used by North Korean cybercriminals, these threats will only get worse, and other global pariahs will sense their own opportunities.”
For more information, please visit: