UN report blames North Korean attackers for theft of $571 million from cryptocurrency exchanges

Cyber-attacks by North Korea-linked groups have grown in scale and sophistication over the past three years

A new report from the United Nations Security Council (UNSC) has blamed state-sponsored hackers from North Korea for stealing an estimated $571 million from cryptocurrency exchanges between January 2017 and September 2018.

The report, which was published on Monday, noted that cyber-attacks by North Korean hackers have grown in scale and sophistication over the past three years. Those cyber-attacks have also become a vital tool for hackers to illegally transfer funds in an effort to circumvent sanctions imposed on the country.

"What stands out [from the report] are the amounts of money involved and the sheer scope of the operations, [which are] highly coordinated and disciplined," Hugh Griffiths, who heads the UN panel, told CyberScoop.

"The ability to breach banking security is extremely worrying and raises broader questions," he added.

The UN report cited private-sector research to highlight that North Korea-based hacking groups infiltrated at least five Asian cryptocurrency exchanges over a period of 21 months from January 2017 to September 2018, stealing a total of $571 million.

The hackers' most successful attack was the one on Coincheck, a Bitcoin exchange based in Japan, in January 2018.

The UN panel also linked North Korea-based groups to the 2016 theft of $81 million from Bangladesh Bank - part of a much larger heist of $951 million, which was only stopped by an elementary spelling mistake by the attackers.

The panel alleges that Pyongyang is supporting hackers to illegally transfer funds from foreign financial institutions to supplement its own economy.

The infrastructure required to support such attacks is not insignificant. In the case of the Bangladesh Bank theft, money needed to be quickly withdrawn from the banks it was transferred to, with some of it laundered via casinos in the Philippines.

In 2018, one UN member state wrote to the UN panel, highlighting that North Korea's cyber-focused military units are also operating in foreign countries and trying to generate money for the government.

According to Russian cyber-security firm Group-IB, Lazarus Group conducted several attacks against cryptocurrency exchanges and mining companies in 2017 and 2018. Lazarus, which is also known as Guardians of Peace, HIDDEN COBRA, NICKEL ACADEMY and ZINC, is also thought to be behind cyber-attacks against Sony Pictures Entertainment - which forced staff offline for two months - and multiple banks across the world, including the Far Eastern International Bank of Taiwan and Banco de Chile, in addition to Bangladesh Bank.

The UN panel recommends that UNSC members take appropriate measures to enhance information sharing on cyber-attacks by North Korea with other countries as well as with their own financial institutions.

Countries also need to boost their network security measures to prevent attempts by North Korean hackers to attack financial institutions in order to generate funds for their regime.

North Korea has long been connected with a range of criminal activities, including the smuggling of rhino horn - rhinoceros being an endangered species - production of narcotics, currency counterfeiting, global insurance fraud, counterfeit cigarettes, counterfeit medicines, as well as, increasingly, cyber crime.