US warns of North Korean cyber attacks

11 Feb, 2023 03:55 / Updated 2 years ago
Washington and Seoul claim the DPRK is using stolen cryptocurrency to fund additional cyber operations

The United States and South Korea have issued a joint notice on North Korea’s alleged “malicious cyber activities,” saying hackers have targeted health providers, US defense contractors and even government agencies including the Pentagon.

Published on Thursday, the cyber security advisory outlined “recently observed tactics, techniques, and procedures” employed by North Korean hackers in ransomware attacks against the US and South Korea, alleging they are using the proceeds to finance other cyber operations. 

“DPRK cyber actors have been using cryptocurrency generated through illicit cybercrime activities to procure infrastructure such as IP addresses and domains,” the security agencies said in a separate press release, noting the attacks have focused on healthcare systems and other “critical infrastructure.”

Ransomware attacks typically see hackers take control of a victim’s computer, personal data or passwords and then demand payment before handing them back – often in the form of cryptocurrency, which is more difficult to trace.

According to the advisory – compiled by the US National Security Agency, the Department of Health and Human Services, the FBI and several South Korean agencies – an “unspecified amount of revenue” gained through ransomware has been invested back into other cyber attacks, which allegedly support Pyongyang’s “national-level priorities and objectives.”

Such attacks were said to have targeted both the US and South Korean governments, including “Department of Defense Information Networks and Defense Industrial Base member networks” in the United States.

A senior US official later told CNN that President Joe Biden was briefed on the latest cyber notice, going on to claim that North Korean hackers are finding increasingly “creative” ways to make money. 

Tensions on the Korean Peninsula have soared over the last year, with the DPRK conducting a record number of missile tests in 2022 amid a flurry of joint war games by the US and South Korea. While Thursday’s advisory made no mention of North Korean arms, US officials have previously alleged that proceeds from cyber attacks have been used to finance weapons development, though little evidence has been offered to support the claim.