Cyber War: North Korea’s $3.4 Billion Heist Unveiled

On the 4th, South Korean Ambassador to the UN, Hwang Joon Kook, participated in the Aria-formula meeting on cyber security held at the UN headquarters in New York, co-hosted by the U.S., South Korea, and Japan.

This meeting discussed cyber attacks, such as ransomware, as a new factor damaging international peace and security. Ambassador Hwang argued that North Korea’s malicious hacking is a textbook cyberattack case.

It is estimated that North Korea’s income from hacking and cyber attacks accounts for about half of its total foreign currency earnings. The dollars earned in this way are estimated to account for 40% of the funds used for the development of nuclear weapons and weapons of mass destruction (missiles, etc.). From 2017 to 2023, North Korea generated significant illicit profits of $3 billion through cyber attacks targeting virtual asset companies. In 2023, the damage related to North Korean cyber attacks reached $750 million, causing headaches for global virtual asset companies and cyber security companies.

The UN sanctions panel on North Korea has also criticized North Korea as “the most active cyber thief in the world.”

The UN Security Council (UNSC) held the Aria-formula meeting as an informal meeting at the request of its member states. The Security Council often convenes the concerned country to discuss issues that are challenging to discuss in official meetings due to conflicts, such as disagreements among member states or issues not yet listed on the official agenda.

Ambassador Hwang said North Korea’s unilateral and illegal cyber activities could weaken the effect of the Security Council’s sanctions and be abused as a means to evade them, as it earns foreign currency while avoiding financial sanctions.

Ambassador Hwang also said, “Cyber crimes caused by illegal cyber activities such as hacking can pose an additional public challenge to the international community’s Nuclear Non-Proliferation Treaty (NPT),” and “more than 50 financial institutions among UN member countries have been directly accessed and affected by hackers operating in support of the North Korean regime.”

Linda Thomas-Greenfield, U.S. Ambassador to the UN, also claimed, “The U.S. is concerned not only about Russia’s cyber activities but also about North Korea’s malicious international cyber attacks,” and “the funds raised through cyber operations are directly supporting the recent illegal provocations of the ballistic missile program. We are closely watching this.”

She further emphasized, “The U.S. is paying attention to and condemning violent and peace-breaking actions in cyberspace, including North Korea’s actions, in cooperation with countries that share the same view on North Korea,” and “the U.S. is making efforts to limit such cyberattack behaviors.”

Meanwhile, North Korea was once counterattacked by one individual after repeated cyberattacks.

Although not widely known, as few people are communicating online with North Korea, there was a chaotic incident two years ago in 2022 when the entire region of North Korea’s internet was paralyzed.

At that time, major North Korean institutions’ servers, including the official portal of the North Korean government, “My Country,” the Ministry of Foreign Affairs, the Korean Central News Agency, Rodong Sinmun, and Air Koryo, suffered from DDoS (Distributed Denial of Service) attacks, causing all internet traffic in and out of servers to a complete stop.

A British IT expert told Reuters, “It was completely impossible to transmit data while accessing North Korea’s IP address and transmitting data,” and “it took a little over a week to recover and share data fully.”

Although an investigation was conducted to identify the backing since major servers in North Korea stopped, it remained a mystery. However, a month before the incident, the American media reported that an American hacker had manipulated the North Korean servers.

This hacker, known to have operated under the ID “P4x,” revealed his face and real name, Caseres, to the American IT specialist media outlet Wired on the 4th and shared the full story and unresolved stories of the incident two years ago.

Wired reported that North Korean hackers, with the support of Kim Jong Un, frequently attempt to steal hacking software from cyber security experts and hackers in the US.

The cyber security company run by Caseres could have been a target for North Korea.

The company took protective measures to fend off North Korean hackers. However, when it reported the illegal cyber attacks carried out by North Korea to the US government and met with the FBI and the government’s cyber security officials, they did not take any special measures, which disappointed Caseres.

His disappointment led him to come up with a brilliant idea: to retaliate unilaterally against North Korea. According to the interview, the individual’s revenge against a country’s regime was successfully concluded, and he has not suffered any retaliation yet.

Caseres has achieved his revenge but has also expressed his ambition to develop an innovative security system that can change cyberspace.