North Korea’s tireless cryptocurrency theft operations have highlighted vulnerabilities in the U.S. security ecosystem, raising questions of safety in the face of more effective cyberthreats from Russia and China.
“They’ve gotten into U.S. government websites,” Bruce Klingner, senior research fellow for northeast Asia at the Heritage Foundation, told Fox News Digital. “They’ve gotten into the U.S. financial systems, companies, systems, [and] they were even going after COVID vaccine companies like Pfizer and others to try to get information on the vaccine.”
“It really is an amazingly extensive and capable system,” he added.
Some estimates indicate Pyongyang stole approximately $400 million in 2022 and took in $1 billion in the first nine months of 2022, making cryptocurrency a significant source of income.
North Korean hackers were able to secure $615 million in assets in March alone, making it the largest cryptocurrency heist on record.
What started as purely espionage-based cyberattacks quickly led to extensive and sophisticated operations to obtain cryptocurrency in order to fund missile programs and other military operations.
North Korea’s missile tests this year cost at least $620 million, with plans to resume nuclear testing amid an economic crisis, according to Reuters.
“I remember doing interviews about the Sony hack in 2014 when a lot of the interviewers were just thinking, ‘Well, North Korea can’t even keep the lights on at night,’” Klingner said. “If you look at the famous nighttime satellite photos, how could they possibly do something like a Sony hack?”
“Well, it was North Korea, and they’ve only gotten better,” he continued. “But even I was astounded when I was doing the research for this paper last year about how broadly they’ve expanded their cyberattacks.”
The Foundation for Defense of Democracies (FDD) outlined two main ways by which Pyongyang’s hackers succeed in stealing traditional funds: first, by seizing control of a bank’s financial transfer system run by the Society for Worldwide Interbank Financial Telecommunications – the infamous SWIFT system; second, by breaching ATMs to dispense cash, which agents can then collect.
But North Korea has also developed long-term “spear phishing” operations, which use malicious, spoofed emails to target individuals or groups, in some cases building entire profiles on websites like LinkedIn or Facebook to convince targets of their authenticity.
North Korea committed at least 49 hacks from 2017 to 2021, according to New York-based blockchain analytics firm Chainalysis.
The fluctuations in the crypto market this year have dampened the success of those hacks, with crypto losing 80% to 85% of its value in June 2022, but the reality is that these hacks have raised far more alarming questions about North Korea’s cybercapabilities and Western nations’ vulnerabilities.
“Within the cybersecurity space, the large-scale significant theft of cryptocurrencies is demonstrating North Korea’s capabilities to engage both in attacks that leverage and cybervulnerabilities, problems with code itself, as well as engaging in social engineering attacks,” Annie Fixler, deputy director of the Center on Cyber and Technology Innovation at the FDD, told Fox News Digital.
“The attacks we’ve seen have leveraged both where North Korean hackers can track a U.N. administrator and someone [who] has access to systems to click a malicious link as hackers often do,” Fixler said. “Then, in other instances, North Korean hackers have exploited problems with code, particularly as it relates to cryptocurrency bridges, the pieces that connect differently, how you can transfer assets from one blockchain to another, blockchain for bridges.”
“So, there have been vulnerabilities in those systems that North Korea has demonstrated their capabilities, sophistication and ingenuity and determination that this is a worthwhile avenue for them to pursue in the broader national security space.”
Fixler noted that despite the capabilities North Korea has displayed, she would still rank them third compared to China and Russia – who continue “vying for the top spot on any given day” – and with Iran as a distant fourth in terms of cyberthreats.
But in all cases, the rogue nations have developed “more sophisticated, more determined and more innovative” operations, according to Fixler.
She argued that North Korea’s actions indicate a longer-term risk to the financial integrity, national security and traditional operations of the United States.