North Korea stole over $316 million in virtual assets through illicit cyberattacks over the past two years to support its weapons of mass destruction program, according to a UN Security Council report released Wednesday.
The report from a panel of experts under the UN Security Council committee on North Korea sanctions found that Pyongyang had engaged in “malicious cyberactivities” targeting virtual assets, virtual asset service providers and defense companies, mostly led by the Reconnaissance General Bureau, the North’s primary intelligence agency.
North Korea is estimated to have stolen $316.4 million in virtual assets, including cryptocurrencies, between 2019 and November 2020, according to an estimate of one member state.
The panel assessed that “cyberactors linked to the Democratic People’s Republic of Korea continued to conduct operations against financial institutions and virtual currency exchange houses in 2020 to generate revenue to support its weapons of mass destruction” and ballistic missile programs, referring to the North by its official name.
In August 2020, the United States identified the new North Korean-sponsored hacker group, BeagleBoyz, as “an element of the Reconnaissance General Bureau that has likely been active since 2014,” and blamed it for the Bangladesh Bank cyber heist in February 2016.
The BeagleBoyz attempted to steal nearly $2 billion since 2015 through an ATM cash-out scheme and attacks against the Society for Worldwide Interbank Financial Telecommunication, or Swift, and servers hosting financial institutions’ payment systems.
Another cyberattack on the Israeli defense industry last year was assessed by a cybersecurity firm to be linked to Lazarus, a cyberthreat actor linked to the Reconnaissance General Bureau. The attackers were found to have attempted to illegally access military technology and also sought to extract sensitive information that could be used for financial gain.
North Korea’s Cyber Warfare Guidance Unit, or Bureau 121, has more than 6,000 hackers with many operating from overseas. According to a 2020 U.S. military report, three cyberthreat actors – Lazarus, Andariel and Bluenoroff, belong to this unit.
The UN panel found North Korea tried to launder stolen virtual assets through Chinese brokers, and an analysis of cryptocurrency transactions shows that it targeted “over-the-counter virtual asset brokers, especially those located in China.”
The panel is also investigating a hack against a cryptocurrency exchange in September 2020 resulting in approximately $281 million worth of stolen cryptocurrencies, noting that “preliminary analysis, based on the attack vectors and subsequent efforts to launder the illicit proceeds, strongly suggests links to the Democratic People’s Republic of Korea.”
The report noted that blockchain transactions related to this hack also appear to be related to a second cyberattack in October 2020, resulting in the theft of approximately $23 million.
The panel warned that cyberattacks against UN bodies, including one in October 2020 on committees and panels monitoring the implementation of sanctions, “amount to sanctions evasion.”
North Korea continued to illicitly import oil far exceeding by “several times” the amount allowed under UN Security Council resolutions, which sets an annual cap of oil imports at 500,000 barrels, according to the annual UN report.
Several member states assessed that the imports of oil-related products to North Korea “possibly became larger in volume in 2020 due in part to the acquisition of new and larger third country-flagged vessels.”
The panel urged countries to crack down on illicit ship-to-ship transfers, as the North continues to seek “new tactics in sanctions evasion.”
North Korea also developed its nuclear ballistic missile capacity in the past year, defying international sanctions, said the report.
Pyongyang displayed new short-range, medium-range, submarine-launched ballistic missile (SLBM) and intercontinental ballistic missile (ICBM) systems at recent military parades, signaling that they can all be nuclear-armed. The panel noted that the North announced plans to test and produce new ballistic missile warheads and develop tactical nuclear weapons.
The report added that North Korea “produced fissile material, maintained nuclear facilities and upgraded its ballistic missile infrastructure” and “continued to seek material and technology for these programs from overseas” during this period.
North Korea has kept a moratorium on nuclear and long-range ballistic missile tests since late 2017.
While no signs of operation have been observed at the 5-megawatt plutonium production reactor at the North’s key Yongbyon nuclear complex, the report said that “constant traffic has been observed in the vicinity of the reactor, which suggests ongoing maintenance of the reactor.”
One member state assessed the 5-megawatt reactor’s production capability to be around 7 kilograms of plutonium per year, and that North Korea could possess a total of 60 kilograms of plutonium.
The report also said the North “has politicized humanitarian assistance,” only accepting aid in areas that the North’s ruling Workers’ Party “considers a priority.” The panel found that humanitarian aid has “almost certainly” been diverted to meet the needs of the leadership.
During the Covid-19 pandemic, North Korea has imposed strict border controls that severely limited the transfer of goods and movement of people in and out of the country, impacting humanitarian aid operations as well.
To assess the impact of the pandemic on humanitarian operations within North Korea, the UN panel surveyed 38 organizations that applied for exemptions in May and October 2020. UN agencies and nongovernmental organizations told the panel that there were “significant reductions” in operational capacity due to border closures and international and domestic travel restrictions “which would likely result in reduced humanitarian efforts.”
North Korea has been subject to Security Council sanctions since 2006. Food aid and other humanitarian assistance are exempted under UN resolutions.
A closed-door meeting of the New York-based Security Council Tuesday on North Korea’s short-range ballistic missile test last week ended with no immediate action, despite Washington saying it has been contemplating new measures. The latest UN report comes ahead of the completion of the Joe Biden administration’s comprehensive review of its North Korea policy set to be shared with the national security advisers of South Korea and Japan on Friday.
Karine Jean-Pierre, a deputy spokesperson for the White House, told reporters en route to Pennsylvania on Air Force One Wednesday, “We are in the final stages of our intensive, multi-stakeholder North Korea policy review.”
She said the “thorough interagency review of U.S. policy towards North Korea” included an “evaluation of all available options to address the increasing threat posed by North Korea to its neighbors.”
Suh Hoon, director of the Blue House National Security Office (NSO), arrived in New York Wednesday ahead of talks with his U.S. and Japanese counterparts on North Korea strategy.
Suh is scheduled to meet Friday with Jake Sullivan, the U.S. national security adviser, and Shigeru Kitamura, secretary general of Japan’s national security secretariat, for trilateral talks at the United States Naval Academy in Annapolis, Maryland.
BY SARAH KIM [firstname.lastname@example.org]