October 28, 2022 | CEEW Monograph
The Evolution of Kim Jong Un’s ‘All-Purpose Sword’
Introduction
For decades, the Kim regime has used weapons tests, border conflicts, and acts of terrorism to gain attention and raise tensions. The regime then demands economic and political benefits in exchange for reducing the tensions it provoked.1 Pyongyang has the potential to add cyberattacks to this repertoire. Kim Jong Un reportedly described cyber warfare in 2012 as North Korea’s “all-purpose sword,” which provides “a capability to strike relentlessly.”2 In the decade since then, Pyongyang has wielded its growing cyber capabilities to reap financial, political, and strategic benefits to prolong the Kim regime’s survival.
Over the past four years, Pyongyang’s financially motivated cybercrime has become more prolific. North Korean cyberattacks increased by 32 percent year over year in 2020, according to South Korea’s National Intelligence Service.3 The blockchain data firm Chainalysis observed a steady increase in attacks on cryptocurrency exchanges between 2019 and 2021.4 This may reflect the regime’s desperation as it faces one of the most challenging economic crises in decades. North Korea has likely stolen “hundreds of millions of dollars, probably to fund government priorities, such as its nuclear and missile programs,”5 the U.S. intelligence community concluded in April 2021. Pyongyang’s hackers steal money directly from international banks and cryptocurrency exchanges, in addition to employing ransomware and cryptocurrency mining tools to generate funds.6
Cybercrime is an integral element of the Kim regime’s hybrid warfare strategy. Accordingly, Pyongyang’s foreign intelligence agency, the Reconnaissance General Bureau, houses its cyber capabilities within Bureau 121,7 which is responsible not only for cybercrime but also for espionage, reconnaissance, and inciting “social chaos by weaponizing enemy network vulnerabilities.”8
Within the North Korean military, the General Staff Department — the armed forces’ senior leadership organ — has developed cyber capabilities to quickly incapacitate the adversary by disabling command, control, and communications systems.9 To compensate for its limited resources and conventional military capabilities, Pyongyang seeks to exploit its adversaries’ weaknesses.10 In that vein, it may launch cyberattacks against critical civilian infrastructure such as banks, public transportation, the electric grid, and telecommunications in South Korea (or the United States). Doing so could spark mass chaos, delay evacuations, and complicate Seoul’s decision making in a wartime scenario.11 Such efforts could require only rudimentary cyber capabilities, such as DDoS attacks, wipers, or ransomware.12
The Kim regime demonstrated this sort of capability in 2013, when the North Korean hacker group Dark Seoul launched destructive attacks against three banks and three media companies in Seoul, which inflicted over $800 million in total damage and sowed confusion across South Korea’s financial sector for several days.13 Fortunately, Seoul has reportedly improved its cyber defenses in recent years. The Korea Internet Safety Agency has successfully blocked numerous North Korean spear-phishing attempts.14 However, Seoul’s ability to thwart a major attack has yet to be tested.
FDD’s 2018 study of North Korea’s CEEW strategy concluded that the Kim regime has calibrated its cyber provocations to remain within the gray zone so as not to elicit a military response from South Korea and the United States, focusing instead on financially motivated cybercrime.15 This chapter examines the evolving tactics and motives of Pyongyang’s cybercrime and explores how North Korea’s financially motivated cyberattacks and theft of cryptocurrencies mitigate the effect of sanctions.
The chapter also explores how, as the North Korean economy deteriorates further, the regime may seek to divorce itself conclusively from the U.S.-led international financial order. Currently, North Korea’s illicit funds must often transit formal financial institutions or U.S.-based cryptocurrency exchanges to reach their final destination.16 A robust cryptocurrency marketplace disconnected from the U.S.-led banking system could provide Pyongyang with a long-term solution to this vulnerability.
This chapter concludes with policy recommendations designed not only to bolster the U.S. and allied governments’ cyber defense and deterrence strategies, but also to strengthen financial safeguards against the exploitation of cryptocurrencies by North Korea and other rogue states.
Tactics and Motives of North Korean Cybercrime
FDD’s 2018 study concluded that “the majority of North Korea’s current cyber activity is focused on making — or stealing — money or collecting data for the regime.”17 This holds true today. The primary mission of Pyongyang’s cyber operators is financial gain, Kim Heung-kwang, a North Korean escapee and a former computer science professor at North Korea’s Hamheung Computer Technology University, explained in 2017.18 ClearSky, a UK- and Israel-based cybersecurity company, similarly concluded that a unique characteristic of North Korean hackers is their “dual attack mission” of monetary theft and espionage. Other state-backed cyber actors tend to focus on national security priorities, not financial gain, the researchers noted.19
In addition to requiring funds for its nuclear weapons and ballistic missile programs, North Korea needs cash to offset an ongoing domestic economic crisis. In August 2020, the Kim regime made an unprecedented admission that it failed to achieve the goals of its last five-year plan. Pyongyang blamed sanctions, foreign enemies, COVID-19, natural disasters, and poor policy implementation by lower-level leaders, but the admission was a clear sign of distress.20
It is true that external factors exacerbated the regime’s economic woes. Sanctions are putting pressure on Pyongyang’s finances, and Typhoon Bavi in August 2020 hammered North Korea’s agricultural sector. It is the regime’s response to the COVID-19 pandemic, however, that has been particularly devastating.21 To prevent a viral outbreak inside North Korea, the regime closed its borders and cut itself off from foreign trade. According to the Korea Trade-Investment Promotion Agency in Seoul, North Korea’s trade volume with China dropped by 80.7 percent in 2020.22 This forced several North Korean factories to close because they rely on materials and inputs from China to keep facilities and power plants running. Alexander Matsegora, Russia’s ambassador to North Korea, said that “without imported materials, raw materials and components, many enterprises stopped, and people, accordingly, lost their jobs.”23 As North Korea’s economy continues to deteriorate, cybercrime remains a key source of revenue.
Over the last four years, Pyongyang’s hackers diversified their methods by experimenting with business email compromise (BEC) and card skimming schemes.24 BEC schemes involve stealing a company’s financial records and client contact information so that hackers can disguise themselves as vendors and receive payment for fraudulent invoices.25 In card skimming, or “Magecart,” schemes, hackers intercept customers’ credit card information from retail websites and then sell it on the black market.26 While this tactic is not new in the cybercrime world, North Korea’s first publicly known successful card skimming operation began in May 2019.27
Still, the priority for Pyongyang’s hackers remains banks and cryptocurrency exchanges. The U.S. government reported that between 2015 and 2020, North Korea infiltrated banks and cryptocurrency exchanges in over 30 countries.28 This yielded Pyongyang over $200 million between 2017 and 2019 and an additional $300 million in 2020.29
North Korean hackers have two primary ways of stealing funds from traditional financial institutions. First, they may seize control of a bank’s financial transfer system run by the Society for Worldwide Interbank Financial Telecommunications, or SWIFT, and then use that control to conduct fraudulent transactions. North Korean hackers employed this method to steal $80 million from the Bank of Bangladesh in 2017.30 The second tactic involves breaching ATMs. After gaining control, hackers remotely order select ATMs to dispense cash, which Pyongyang’s accomplices collect.31
To steal from cryptocurrency exchanges, North Korean hackers have launched spear-phishing campaigns against exchange employees. Exchanges are attractive targets because, as FireEye explains, once hackers breach an exchange, “they potentially can move cryptocurrencies out of online wallets, swapping them for other, more anonymous cryptocurrencies or send them directly to other wallets on different exchanges to withdraw them in fiat currencies,” such as dollars or euros.32
Three attacks on cryptocurrency exchanges in North America, Europe, and Asia between 2020 and 2021 yielded $50 million, according to the March 2022 report of the UN Panel of Experts on North Korea.33 Chainalysis, meanwhile, concluded that Pyongyang successfully stole nearly $400 million in cryptocurrency from seven intrusions in 2021.34 In April 2022, the FBI attributed a $620 million cryptocurrency hack to North Korea.35 In that operation, the hackers used stolen credentials (rather than a software vulnerability) to compromise the blockchain bridge — the tool for moving cryptocurrencies between different blockchains.36
The FBI has suggested that North Korean hackers may prefer targeting cryptocurrency exchanges because they provide “relatively fewer complications” compared to traditional banks.37 In the past, banks’ safeguards have tripped up Pyongyang’s operatives. For instance, during the hack of the Bank of Bangladesh, the New York Federal Reserve detected suspicious activity, namely that one of the recipient addresses at a Filipino bank was named “Jupiter,” a name it shared with a U.S.-sanctioned oil tanker from Iran. The Fed then paid closer attention to the hackers’ payment requests and blocked them. Although the Bank of Bangladesh did lose $80 million, the Fed’s intervention prevented the hackers from executing their planned theft of $1 billion.38
Another drawback of bank heists is they require a “larger network of criminals to help steal and then launder the money,” while cryptocurrency hacks “cut out nearly all the middlemen.”39 Indeed, North Korean hackers require extensive help to steal from ATM machines. For example, in 2017, Japan’s National Police Agency reported that up to 260 individuals affiliated with the Japanese yakuza and other international criminal organizations helped Pyongyang’s hackers steal up to $16.6 million from 1,700 ATM machines across 17 Japanese prefectures.40 In February 2021, the U.S. Justice Department revealed that North Korea collaborated with a North American criminal network to support ATM schemes targeting Pakistan’s BankIslami and an unnamed Indian bank in 2018.41
While North Korea does not need as many accomplices to move its cryptocurrency revenues, hackers must still rely on money launderers to transfer virtual currency into fiat currency. For example, in March 2020, the Justice and Treasury departments respectively indicted and sanctioned two Chinese currency traders, Tian Yinyin and Li Jiadong, for helping North Korean hackers convert over $100 million in stolen cryptocurrency into fiat currency through Chinese banks via several hundred small transactions.42 To eliminate these middlemen, North Korea would likely need to rely on emerging crypto-based payment and transaction systems.
To that end, Pyongyang invited Virgil Griffith, an American cryptocurrency software developer based in Singapore, to present at the DPRK Cryptocurrency Conference in 2019 on the topic of “potential money laundering and sanctions evasion applications of cryptocurrency and blockchain technologies.” The U.S. Justice Department later indicted Griffith for providing “highly technical information to North Korea, knowing that this information could be used to help North Korea launder money and evade sanctions.”43 Griffith pleaded guilty and was sentenced to five years in federal prison.44
Cryptocurrency as an Engine of Sanctions Resistance
The Kim regime may shift its cryptocurrency strategy from an emphasis on acquiring cash to building resistance against sanctions. Rather than converting digital currency into fiat currency, Pyongyang could build large reserves of numerous cryptocurrencies to spend in a cryptocurrency exchange independent of the U.S.-led financial system. For the moment, that goal is mostly aspirational. Yet North Korea is adept at identifying its enemies’ structural weaknesses. The lax governance and regulatory structure surrounding digital currency is ripe for exploitation. This strategy would align with the ideological tenets of juche, the regime’s doctrine of self-reliance, by providing Pyongyang with greater financial autonomy.
However, North Korea’s ability to leverage cryptocurrency for these objectives will likely be contingent upon technological advances by other rogue states with more robust economies. Alone, North Korea cannot challenge the U.S.-led financial order.
On September 6, 2018, in Los Angeles, California, First Assistant U.S. Attorney Tracy Wilkison announces charges against a North Korean national for a range of cyberattacks. (Mario Tama/Getty Images)
Fortunately for Pyongyang, Moscow and Beijing are already exploring ways to reduce their dependence on the dollar through digital currency. In March 2021, Russian Foreign Minister Sergey Lavrov recommended during a visit to China that “we [Russia and China] need to reduce sanctions risks by bolstering our technological independence by switching to payments in our national currencies and global currencies that serve as an alternative to the dollar.”45 That need has only increased since Russia’s invasion of Ukraine and the West’s imposition of sanctions. China, Russia, and even Iran have started creating their own national digital currencies and blockchain platforms. Moscow, Beijing, and others are looking for ways to operate “economies outside the U.S.-led financial system” to “reduce Washington’s ability to impose sanctions,” as FDD scholars observed in 2019.46
Separately, according to the UN Panel of Experts, North Koreans based in Hong Kong developed a blockchain-enabled digital currency in 2018 called Marine Chain Token for use in shipping-related transactions. The Panel hypothesized that the Marine Chain platform was funded by stolen cryptocurrencies, pointing to the platform’s ties to North Korean operatives “who have extorted Bitcoin from online companies.”47 In a 2021 indictment against three North Korean hackers, the Justice Department added that the Marine Chain Token enabled Pyongyang to evade sanctions and “secretly obtain funds from investors” abroad who purchased partial ownership of shipping vessels.48
However, these advances still fall far short of Beijing’s and Moscow’s achievements. As early as 2014, China began developing its own digital currency and payment systems49 and has made significant progress.50 China’s most recent five-year plan noted the significance of blockchain applications for supply chain management, e-governance, fintech, and other purposes. President Xi Jinping seeks “a new industrial advantage” through blockchain. As a result, Chinese companies are filing more blockchain patents than their U.S. counterparts.51 Beijing’s leadership intends to leverage this new digital currency not only to support its commercial and trade activities, but also “to displace the U.S. dollar as a global reserve currency,” FDD scholars concluded in 2019.52
If China succeeds in establishing an alternative system, North Korea will quickly try to attach itself to that system because Pyongyang conducts over 80 percent of its trade with Beijing.53 Despite significant decreases in the volume of bilateral trade — which in 2021 was down 40 percent from the previous year and 90 percent compared to pre-pandemic levels54 — China remains North Korea’s main trading partner.55
China’s cooperation with North Korea in this emerging fintech space may have its limits if Beijing concludes that a visible role for North Korea would deter other nations from participating in a Chinese-led system, for which Beijing has global ambitions. Nonetheless, China is unlikely to reject North Korea’s participation entirely, because preventing instability inside North Korea is a long-term strategic objective for Beijing.56
Recommendations
As North Korean cyber operations evolve, the U.S. government must bolster American defenses and strengthen deterrence measures. The Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security has distributed numerous technical alerts on North Korean malware to help private-sector entities harden their networks. The U.S. government has also sought to impose costs on North Korea’s hackers and programmers through sanctions and criminal indictments. However, the measures have been insufficient. The United States and its allies must consider innovative ways to change the regime’s calculus. The first four recommendations below originally appeared in FDD’s 2018 report on North Korean CEEW but have been updated with current information.57 What follows are three additional recommendations for how the U.S. government should address the risks and opportunities presented by the accelerating global adoption of cryptocurrencies and blockchain technology.
1. Escalate economic measures targeting the financial networks that launder North Korean funds. Over the long term, North Korea may reduce or eliminate its need for financial middlemen to launder funds and convert digital currency into fiat currency. In the meantime, however, this is a strategic weakness. The U.S. Treasury Department should sanction the individuals, companies, and banks that facilitate financial transactions on behalf of Pyongyang’s hackers and the Kim regime in general. Washington’s earlier sanctions and indictments related to North Korean cyber operations were largely symbolic because they did not target the key nodes supporting North Korean cyber operations. To be effective, sanctions should target the foreign partners, front companies, and overseas financial institutions that work with North Korea.58 For example, the Justice Department case against Tian Yinyin and Li Jiadong revealed that nine Chinese banks helped launder North Korea’s stolen cryptocurrency. Treasury should confirm that these banks have blocked additional suspicious transactions and are no longer complicit in such activity. If Treasury finds any further issue, it should impose additional penalties, fines, and sanctions.
2. Pressure China to dismantle North Korean cyber infrastructure. Pyongyang dispatches hackers abroad — particularly, although not exclusively, to China — to access more robust internet infrastructure capable of supporting more complex operations.59 Operating abroad also increases plausible deniability for the Kim regime. By contrast, relying on personnel and computer networks based solely in North Korea would create a “significant operational weakness” and leave Pyongyang vulnerable to cyberattacks that would “limit current North Korean cyber operational freedom,” according to Recorded Future.60 Washington should therefore urge China to repatriate all North Korean hackers. If Beijing and other foreign governments fail to dismantle Pyongyang’s illicit cyber infrastructure, the White House should consider deploying the North Korean Sanctions and Policy Enhancement Act, which grants Treasury the authority to designate individuals and entities who “have knowingly engaged in, directed, or provided material support to conduct significant activities in undermining cybersecurity.”61
3. Publicize information about cryptocurrency hacks. Cryptocurrency exchanges have become regular targets of cyber criminals but often do not share the details of those hacks. Without this information, researchers, law enforcement, and government officials have limited ability to decode criminal methodologies. The United States, South Korea, and other partner countries should therefore issue breach-notification rules. They should also establish a framework for sharing information about attacks that combines regulatory and government authorities with virtual currency exchanges and providers.62
4. Conduct information operations against Pyongyang. In 2017, Cyber Command reportedly launched DDoS attacks on suspected North Korean networks to limit the regime’s cyber operations.63 While the Defense Department should continue to employ such tactics as part of its “defend forward” strategy,64 cyber measures alone will not impose sufficient costs. Washington should leverage North Korean elites’ access to the global internet to expose them to foreign media and other restricted information.65 The Kim regime fears uncensored information that could compromise its ideological grip on the North Korean populace, such as evidence of its atrocities, corruption, and economic malpractice. Over the long term, creating a rift between these elites and Kim’s inner circle could lay the groundwork for a change in leadership and, in the short term, may convince Kim to restrict North Korean cyber operations because their cost is too great.66
More broadly, the United States must develop policies to cope with the long-term risks that cryptocurrencies and blockchain technology may pose to the U.S.-led global financial system and the role of the dollar in international trade. A March 2022 executive order on digital currencies directs the Treasury Department, the Federal Reserve, the Consumer Financial Protection Bureau, and other agencies to study these issues.67 This is a critical first step toward safeguarding financial stability, innovation, and consumer protection.
5. Commission research on public blockchains. While the Chinese and Russian governments have advanced their study and early implementation of various blockchain tools to harden their network defenses, Beijing and Moscow have invested less in public blockchain systems, preferring private blockchains in which a single entity controls the chain and knows the identity of all participants.68 A public blockchain is decentralized, anonymous, and open to anyone’s participation if the individual verifies data added to this blockchain.69 According to the Blockchain Council, a U.S.-based group of experts, public blockchains are more secure than private networks because it is difficult for a single bad actor to compromise enough of the decentralized network to corrupt the data within the blockchain.70 The United States should become a leader in public blockchain technology, which not only adheres to American liberal norms and values but also is garnering more use within the consumer marketplace.71
6. Foster more public-private cooperation and innovation in cryptocurrency, blockchain, and fintech.72 A core finding of the U.S. Cyberspace Solarium Commission is the need for greater public-private collaboration on cybersecurity.73 The U.S. government should sponsor business incubator programs that promote blockchain-based solutions for regulatory challenges related to cryptocurrencies’ impact on global finance and banking.74 Specifically, Congress should appropriate funding for the National Science Foundation to help companies working on blockchain and other distributed ledger technologies. A report from the Center for a New American Security assessed that leading the development of blockchain applications would position Washington to maintain the value of coercive economic tools, including sanctions.75
7. Conduct studies within the U.S. intelligence community and other agencies to forecast trends in the use of cryptocurrency, blockchain and fintech by U.S. adversaries. The Biden administration should task the intelligence community with studying adversarial ambitions to undermine the existing financial order using cryptocurrencies, blockchain, and other fintech. The objective should be to identify future threats along with the long-term implications of current trends. Beijing has stated that it intends to design a universal digital payment network over the next 10 years to support digital currency transfers and payments worldwide.76 Understanding threats to America’s long-term national and financial security must be a priority.
Conclusion
To counter the North Korean cyber threat, the United States and its allies must employ a tailored approach that focuses both on the immediate needs of cyber defense and deterrence and future challenges posed by illicit financial networks and their state sponsors. With proactive measures, America and its allies can ensure that cryptocurrencies and blockchain technology become assets to protect the integrity of the global financial order.
The Attack on America’s Future
- Jung H. Pak, “Kim Jong-un’s tools of coercion,” The Brookings Institution, June 21, 2018. (https://www.brookings.edu/blog/order-from-chaos/2018/06/21/kim-jong-uns-tools-of-coercion)
- Leekyung Ko, “North Korea as a Geopolitical and Cyber Actor,” New America, June 6, 2018. (https://www.newamerica.org/cybersecurity-initiative/c2b/c2b-log/north-korea-geopolitical-cyber-incidents-timeline)
- Seulkee Jang, “North Korea recently hacked Pfizer to steal vaccine development-related secrets,” Daily NK (South Korea), February 24, 2021. (https://www.dailynk.com/english/north-korea-recently-hacked-pfizer-steal-vaccine-development-secrets)
- Chainalysis Team, “North Korean Hackers Have Prolific Year as Their Unlaundered Cryptocurrency Holdings Reach All-time High,” Chainalysis, January 13, 2022. (https://blog.chainalysis.com/reports/north-korean-hackers-have-prolific-year-as-their-total-unlaundered-cryptocurrency-holdings-reach-all-time-high)
- Office of the Director of National Intelligence, “Annual Threat Assessment of the US Intelligence Community,” April 2021, page 16. (https://www.dni.gov/files/ODNI/documents/assessments/ATA-2021-Unclassified-Report.pdf)
- UN Panel of Experts, “Final report of the Panel of Experts submitted pursuant to resolution 2569 (2021),” S/2022/132, March 1, 2022, page 80. (https://www.securitycouncilreport.org/atf/cf/%7B65BFCF9B-6D27-4E9C-8CD3-CF6E4FF96FF9%7D/N2225209.pdf)
- ROK Ministry of National Defense, “2014 Defense White Paper,” December 31, 2014, page 27. (http://www.mnd.go.kr/user/mndEN/upload/pblictn/PBLICTNEBOOK_201704260250138940.pdf). Academic and industry reports on North Korea’s cyber capabilities also refer to Bureau 121 as Unit 121 or Lab 110. A South Korean military report first identified Lab 110 as an expansion and reorganization of Bureau 121. In keeping with the terminology used in U.S. government publications, this chapter uses the name Bureau 121.
- U.S. Department of the Army, “North Korean Tactics,” ATP 7-100.2, July 24, 2020, page 277. (http://www.documentcloud.org/documents/7038686-US-Army-report-on-North-Korean-military.html); Ji Young Kong, Jong In Lim, and Kyoung Gon Kim, “The All-Purpose Sword: North Korea’s Cyber Operations and Strategies,” 2019 11th International Conference on Cyber Conflict, July 2019, page 5. (https://ccdcoe.org/uploads/2019/06/Art_08_The-All-Purpose-Sword.pdf); Michael Barnhart, Michelle Cantos, Jeffery Johnson, Elias Fox, Gary Freas, and Dan Scott, “Not So Lazarus: Mapping DPRK Cyber Threat Groups to Government Organizations,” Mandiant, March 23, 2022. (https://www.mandiant.com/resources/mapping-dprk-groups-to-government)
- Jenny Jun, Scott LaFoy, and Ethan Sohn, “North Korea’s Cyber Operations: Strategy and Response,” Center for Strategic and International Studies, December 2015, pages 5 and 45–50. (https://csis-website-prod.s3.amazonaws.com/s3fs-public/legacy_files/files/publication/151216_Cha_NorthKoreasCyberOperations_Web.pdf)
- David Maxwell and Bradley Bowman, “Maximum Pressure 2.0: A Plan B for North Korea,” Maximum Pressure 2.0: A Plan for North Korea, Eds. Bradley Bowman and David Maxwell (Washington, DC: Foundation for Defense of Democracies, 2019). (https://www.fdd.org/analysis/2019/12/3/maximum-pressure-2)
- Franz-Stefan Gady, “Military Stalemate: How North Korea Could Win a War With the US,” The Diplomat, October 10, 2017. (https://thediplomat.com/2017/10/military-stalemate-how-north-korea-could-win-a-war-with-the-us)
- David E. Sanger, David D. Kirkpatrick, and Nicole Perlroth, “The World Once Laughed at North Korean Cyberpower. No More.” The New York Times, October 15, 2017. (https://www.nytimes.com/2017/10/15/world/asia/north-korea-hacking-cyber-sony.html)
- Kyoung Jae Park, Sung Mi Park, and Joshua I. James, “A Case Study of the 2016 Korea Cyber Command Compromise,” Hallym University, accessed June 25, 2018. (https://arxiv.org/ftp/arxiv/papers/1711/1711.04500.pdf)
- “North Korean hackers behind attacks on cryptocurrency exchanges, South Korean newspaper reports,” Reuters, December 15, 2017. (https://www.reuters.com/article/us-northkorea-southkorea-cryptocurrency/north-korean-hackers-behind-attacks-on-cryptocurrency-exchanges-south-korean-newspaper-reports-idUSKBN1EA02F)
- Mathew Ha and David Maxwell, “Kim Jong Un’s ‘All-Purpose Sword’: North Korean Cyber-Enabled Economic Warfare,” Foundation for Defense of Democracies, October 3, 2018. (https://www.fdd.org/analysis/2018/10/03/kim-jong-uns-all-purpose-sword)
- “North Korea’s Lazarus Group Identified as Exploiters Behind $540 Million Ronin Bridge Heist,” Elliptic, April 14, 2022. (https://www.elliptic.co/blog/540-million-stolen-from-the-ronin-defi-bridge)
- Mathew Ha and David Maxwell, “Kim Jong Un’s ‘All-Purpose Sword’: North Korean Cyber-Enabled Economic Warfare,” Foundation for Defense of Democracies, October 3, 2018. (https://www.fdd.org/analysis/2018/10/03/kim-jong-uns-all-purpose-sword)
- Kim Jaewon, “A cybersecurity defector warns of North Korea’s ‘hacker army,’” Nikkei Asia (Japan), May 25, 2017. (https://asia.nikkei.com/Politics/A-cybersecurity-defector-warns-of-North-Korea-s-hacker-army)
- “Operation ‘Dream Job’ Widespread North Korean Espionage Campaign,” ClearSky Cybersecurity, August 2020, page 39. (https://www.clearskysec.com/wp-content/uploads/2020/08/Dream-Job-Campaign.pdf)
- Shim Kyu Seok, “Kim Jong-un makes rare admission of economic failure,” Korea JoongAng Daily (South Korea), August 20, 2020. (https://koreajoongangdaily.joins.com/2020/08/20/national/northKorea/North-Korea-economy-failure/20200820185100410.html); David Maxwell and Mathew Ha, “Opening of Eighth Party Congress Shows Kim Jong Un Stays True To his Roots,” Foundation for Defense of Democracies, January 7, 2021. (https://www.fdd.org/analysis/2021/01/07/eighth-party-congress-kim-jong-un-roots)
- Evans J. R. Revere, “North Korea’s economic crisis: last chance for denuclearization?” The Brookings Institution, February 26, 2021 (https://www.brookings.edu/wp-content/uploads/2021/02/fp_20210226_revere_krins.pdf); Min Joo Kim, “Typhoon Bavi approaches North Korea, posing another crisis for Kim Jong Un,” The Washington Post, August 26, 2020. (https://www.washingtonpost.com/world/asia_pacific/typhoon-bavi-north-korea-coronavirus-kim-jong-un/2020/08/26/43f2a8e2-e75b-11ea-bf44-0d31c85838a5_story.html)
- Elizabeth Shim, “Report: North Korea’s trade with China declined 80% in 2020,” UPI, February 22, 2021. (https://www.upi.com/Top_News/World-News/2021/02/22/Report-North-Koreas-trade-with-China-declined-80-in-2020/2431614020515)
- Simon Denyer, “North Korea’s economy is ravaged by sanctions and pandemic isolation. Kim is lashing out,” The Washington Post, February 21, 2021. (https://www.washingtonpost.com/world/asia_pacific/north-korea-kim-economy-crisis/2021/02/19/16d108d8-706b-11eb-8651-6d3091eac63f_story.html)
- “Operation ‘Dream Job’ Widespread North Korean Espionage Campaign,” ClearSky Cybersecurity, August 2020, page 8. (https://www.clearskysec.com/wp-content/uploads/2020/08/Dream-Job-Campaign.pdf)
- U.S. Federal Bureau of Investigation, “Business Email Compromise,” accessed February 12, 2021. (https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/business-email-compromise)
- “What is Magecart?” SanSec, accessed July 27, 2021. (https://sansec.io/what-is-magecart); Alex Scroxton, “North Korea behind spate of Magecart attacks,” Computer Weekly, July 6, 2020. (https://www.computerweekly.com/news/252485702/North-Korea-behind-spate-of-Magecart-attacks)
- “North Korean hackers are skimming U.S. and European Shoppers,” SanSec, July 6, 2020. (https://sansec.io/research/north-korea-magecart)
- U.S. Cybersecurity and Infrastructure Security Agency, Department of the Treasury, Federal Bureau of Investigation, Cyber Command, Joint Cybersecurity Advisory, “FASTCash 2.0: North Korea’s BeagleBoyz Robbing Banks,” AA20-239A, August 25, 2020. (https://us-cert.cisa.gov/ncas/alerts/aa20-239a)
- Eileen Yu, “North Korea reportedly stole $2B in wave of cyber-attacks,” ZDNet, August 7, 2019. (https://www.zdnet.com/article/north-korea-reportedly-stole-2b-in-wave-of-cyberattacks); Richard Roth and Joshua Berlinger, “North Korean hackers stole more than $300 million to pay for nuclear weapons, says confidential UN Report,” CNN, February 9, 2021. (https://www.cnn.com/2021/02/08/asia/north-korea-united-nations-report-intl-hnk)
- Syed Zain Al-Mahmood, “How Bangladesh’s Central Bank Found $100 Million Missing After a Weekend Break,” The Wall Street Journal, March 11, 2016. (https://blogs.wsj.com/indiarealtime/2016/03/11/how-bangladeshs-central-bank-found-100-million-missing-after-a-weekend-break)
- Indictment, United States of America v. Jon Chang Hyok, Kim Il, and Park Jin Hyok, 2:20-cr-00614-DMG (C.D. Cal. filed December 8, 2020). (https://www.justice.gov/opa/press-release/file/1367701/download)
- Luke McNamara, “Why is North Korea so interested in Bitcoin?” FireEye, September 11, 2017. (https://www.fireeye.com/blog/threat-research/2017/09/north-korea-interested-in-bitcoin.html). A fiat currency derives value from the authority of the government that issues it rather than from an underlying commodity such as gold.
- UN Panel of Experts, “Final report of the Panel of Experts submitted pursuant to resolution 2569 (2021),” S/2022/132, March 1, 2022, page 80. (https://www.securitycouncilreport.org/atf/cf/%7B65BFCF9B-6D27-4E9C-8CD3-CF6E4FF96FF9%7D/N2225209.pdf)
- “North Korean Hackers Have Prolific Year as Their Unlaundered Cryptocurrency Holdings Reach All-time High,” Chainalysis, January 13, 2022. (https://blog.chainalysis.com/reports/north-korean-hackers-have-prolific-year-as-their-total-unlaundered-cryptocurrency-holdings-reach-all-time-high)
- U.S. Federal Bureau of Investigation, “FBI Statement on Attribution of Malicious Cyber Activity Posed by the Democratic People’s Republic of Korea,” April 14, 2022. (https://www.fbi.gov/news/press-releases/press-releases/fbi-statement-on-attribution-of-malicious-cyber-activity-posed-by-the-democratic-peoples-republic-of-korea)
- Lily Hay Newman, “Blockchains Have a ‘Bridge’ Problem, and Hackers Know It,” Wired, April 3, 2022. (https://www.wired.com/story/blockchain-network-bridge-hacks)
- U.S. Federal Bureau of Investigation, “Cryptocurrencies a growing target of theft,” March 11, 2021. (https://www.fbi.gov/news/stories/north-korean-hacks-show-virtual-currency-vulnerabilities-031121)
- Krishna N. Das and Jonathan Spicer, “How the New York Fed fumbled over the Bangladesh Bank cyber-heist,” Reuters, July 21, 2016. (https://www.reuters.com/investigates/special-report/cyber-heist-federal)
- U.S. Federal Bureau of Investigation, “Cryptocurrencies a growing target of theft,” March 11, 2021. (https://www.fbi.gov/news/stories/north-korean-hacks-show-virtual-currency-vulnerabilities-031121); UN Panel of Experts, “Midterm report of the Panel of Experts submitted pursuant to resolution 2464 (2019),” S/2019/691, August 30, 2019. (https://undocs.org/S/2019/691)
- “Suspected ringleader of huge, coordinated ATM scam entered N. Korea,” Kyodo News (South Korea), April 5, 2020. (https://english.kyodonews.net/news/2020/04/2b45db5e313b-suspected-ringleader-of-huge-coordinated-atm-scam-entered-n-korea.html)
- U.S. Department of Justice, Press Release, “Three North Korean Military Hackers Indicted in Wide-ranging Scheme to Conduct Cyberattacks and Financial Crimes Across the Globe,” February 17, 2021. (https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and)
- Indictment, United States of America v. Tian Yinyin and Li Jiadong, 1:20-cr-00052-TJK (D.D.C. filed May 7, 2019). (https://www.courtlistener.com/recap/gov.uscourts.dcd.215736/gov.uscourts.dcd.215736.1.0.pdf)
- U.S. Department of Justice, U.S. Attorney’s Office for the Southern District of New York, Press Release, “Manhattan U.S. Attorney Announces Arrest of United States Citizen for Assisting North Korea in Evading Sanctions,” November 29, 2019. (https://www.justice.gov/usao-sdny/pr/manhattan-us-attorney-announces-arrest-united-states-citizen-assisting-north-korea)
- “U.S. hacker sentenced to 5 years in North Korea sanctions case,” NBC News, April 12, 2022. (https://www.nbcnews.com/news/world/north-korea-virgil-griffith-cryptocurrency-rcna24169)
- Gabrielle Tetrault-Farber and Andrew Osborn, “Russia’s top diplomat starts China visit with call to reduce U.S. dollar,” Reuters, March 22, 2021. (https://www.reuters.com/article/us-russia-china-usa/russias-top-diplomat-starts-china-visit-with-call-to-reduce-u-s-dollar-use-idUSKBN2BE0XH)
- Yaya Fanusie and Trevor Logan, “Crypto Rogues: U.S. Adversaries Seeking Blockchain Sanctions Resistance,” Foundation for Defense of Democracies, July 11, 2019. (https://www.fdd.org/analysis/2019/07/11/crypto-rogues)
- UN Panel of Experts, “Midterm report of the Panel of Experts submitted pursuant to resolution 2464 (2019),” S/2019/691, August 30, 2019, page 29. (https://undocs.org/S/2019/691)
- U.S. Department of Justice, Press Release, “Three North Korean Military Hackers Indicted in Wide-ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe,” February 17, 2021. (https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and)
- Nathaniel Popper and Cao Li, “China charges ahead with a national digital currency,” The New York Times, March 1, 2021. (https://www.nytimes.com/2021/03/01/technology/china-national-digital-currency.html)
- Yaya Fanusie and Emily Jin, “China’s Digital Currency: Adding Financial Data to Digital Authoritarianism,” Center for a New American Security, January 26, 2021. (https://www.cnas.org/publications/reports/chinas-digital-currency); Nathaniel Popper and Cao Li, “China charges ahead with a national digital currency,” The New York Times, March 1, 2021. (https://www.nytimes.com/2021/03/01/technology/china-national-digital-currency.html)
- Trevor Logan and Theo Lebryk, “America and its military need a blockchain strategy,” C4ISRNET, April 5, 2021. (https://www.c4isrnet.com/opinion/2021/04/05/america-and-its-military-need-a-blockchain-strategy)
- Yaya Fanusie and Trevor Logan, “Crypto Rogues: U.S. Adversaries Seeking Blockchain Sanctions Resistance,” Foundation for Defense of Democracies, July 11, 2019. (https://www.fdd.org/analysis/2019/07/11/crypto-rogues)
- Fan Yifei, “On Digital Currencies, Central Banks Should Lead,” Bloomberg, September 1, 2016. (http://www.bloomberg.com/opinion/articles/2016-09-01/on-digital-currencies-central-banks-should-lead); Yaya Fanusie and Trevor Logan, “Crypto Rogues: U.S. Adversaries Seeking Blockchain Sanctions Resistance,” Foundation for Defense of Democracies, July 11, 2019. (https://www.fdd.org/analysis/2019/07/11/crypto-rogues)
- Bo-eun Kim, “North Korea-China Trade on Restoration Path, but Pyongyang Faces Challenges,” The Korea Times (South Korea), April 10, 2022. (https://www.koreatimes.co.kr/www/nation/2022/04/103_327021.html)
- Michael Lee, “China-North Korea Trade Soars but Still Falls Short of Pre-Covid Levels,” Korea JoongAng Daily (South Korea), March 22, 2022. (https://koreajoongangdaily.joins.com/2022/03/22/national/northKorea/North-Korea-China-customs/20220322180517311.html)
- Eleanor Albert, “The China-North Korea Relationship,” Council on Foreign Relations, June 25, 2019. (https://www.cfr.org/backgrounder/china-north-korea-relationship)
- Mathew Ha and David Maxwell, “Kim Jong Un’s ‘All-Purpose Sword’: North Korean Cyber-Enabled Economic Warfare,” Foundation for Defense of Democracies, October 3, 2018. (https://www.fdd.org/analysis/2018/10/03/kim-jong-uns-all-purpose-sword)
- Mathew Ha, “New U.S. sanctions on North Korea are insufficient,” Foundation for Defense of Democracies, September 17, 2019. (https://www.fdd.org/analysis/2019/09/17/new-us-sanctions-on-north-korea-are-insufficient)
- Will Ripley, “North Korean defector: ‘Bureau 121’ hackers operating in China,” CNN, January 7, 2015. (https://www.cnn.com/2015/01/06/asia/north-korea-hackers-shenyang)
- Insikt Group, “North Korea’s ruling elite are not isolated,” Recorded Future, July 25, 2017. (https://go.recordedfuture.com/hubfs/north-korea-internet-activity.pdf)
- North Korea Sanctions and Policy Enhancement Act of 2016, Pub. L. 114-122, 130 Stat. 93. (https://www.congress.gov/bill/114th-congress/house-bill/757/text)
- Mathew Ha and David Maxwell, “Kim Jong-un’s ‘All-Purpose Sword’: North Korean Cyber-enabled Economic Warfare,” Foundation for Defense of Democracies, October 3, 2018. (https://www.fdd.org/analysis/2018/10/03/kim-jong-uns-all-purpose-sword)
- Karen DeYoung, Ellen Nakashima, and Emily Rauhala, “Trump signed presidential directive ordering actions to pressure North Korea,” The Washington Post, September 30, 2017. (https://www.washingtonpost.com/world/national-security/trump-signed-presidential-directive-ordering-actions-to-pressure-north-korea/2017/09/30/97c6722a-a620-11e7-b14f-f41773cd5a14_story.html)
- U.S. Department of Defense, “Summary — Department of Defense Cyber Strategy 2018,” 2018. (https://media.defense.gov/2018/Sep/18/2002041658/-1/-1/1/CYBER_STRATEGY_SUMMARY_FINAL.PDF)
- Insikt Group, “North Korea’s Ruling Elite Are Not Isolated,” Recorded Future, July 25, 2017. (https://www.recordedfuture.com/north-korea-internet-activity); Mathew Ha, “North Korea is relying on the internet more, creating an opening for the U.S.,” Fifth Domain, February 26, 2020. (https://www.fifthdomain.com/thought-leadership/2020/02/26/north-korea-is-relying-on-the-internet-more-creating-an-opening-for-the-us)
- David Maxwell and Mathew Ha, “Information and Influence Activities,” Maximum Pressure 2.0: A Plan for North Korea, Eds. Bradley Bowman and David Maxwell (Washington, DC: Foundation for Defense of Democracies, 2019). (https://www.fdd.org/analysis/2019/12/3/maximum-pressure-2)
- U.S. Executive Order 14067, “Ensuring Responsible Development of Digital Assets,” March 9, 2022. (https://www.govinfo.gov/content/pkg/FR-2022-03-14/pdf/2022-05471.pdf)
- Trevor Logan and Theo Lebryk, “America and its military need a blockchain strategy,” C4ISRNET, April 5, 2021. (https://www.c4isrnet.com/opinion/2021/04/05/america-and-its-military-need-a-blockchain-strategy)
- “Difference between Public and Private blockchain,” Geeks for Geeks, May 11, 2022. (https://www.geeksforgeeks.org/difference-between-public-and-private-blockchain)
- Toshendra Kumar Sharma, “Public vs. Private Blockchain: A Comprehensive Comparison,” Blockchain Council, accessed July 27, 2021. (https://www.blockchain-council.org/blockchain/public-vs-private-blockchain-a-comprehensive-comparison)
- Trevor Logan and Theo Lebryk, “America and its military need a blockchain strategy,” C4ISRNET, April 5, 2021. (https://www.c4isrnet.com/opinion/2021/04/05/america-and-its-military-need-a-blockchain-strategy)
- Yaya Fanusie and Trevor Logan, “Crypto Rogues: U.S. Adversaries Seeking Blockchain Sanctions Resistance,” Foundation for Defense of Democracies, July 11, 2019. (https://www.fdd.org/analysis/2019/07/11/crypto-rogues); Peter Harrell and Elizabeth Rosenberg, “Economic Dominance, Financial Technology, and the Future of U.S. Economic Coercion,” Center for a New American Security, April 2019, page 36. (https://s3.amazonaws.com/files.cnas.org/documents/CNAS-Report-Economic_Dominance-final.pdf?mtime=20190423154936)
- U.S. Cyberspace Solarium Commission, “Final Report,” March 2020, pages iv and 96. (https://cybersolarium.org/march-2020-csc-report/march-2020-csc-report)
- Yaya Fanusie and Trevor Logan, “Crypto Rogues: U.S. Adversaries Seeking Blockchain Sanctions Resistance,” Foundation for Defense of Democracies, July 11, 2019. (https://www.fdd.org/analysis/2019/07/11/crypto-rogues)
- Peter Harrell and Elizabeth Rosenberg, “Economic Dominance, Financial Technology, and the Future of U.S. Economic Coercion,” Center for a New American Security, April 2019, pages 25 and 36–37. (https://s3.amazonaws.com/files.cnas.org/documents/CNAS-Report-Economic_Dominance-final.pdf?mtime=20190423154936)
- William Foxley, “China’s Blockchain-based service network to integrate central bank digital currency,” CoinDesk, January 17, 2021. (https://www.coindesk.com/chinas-blockchain-based-service-network-to-integrate-central-bank-digital-currency)