UN, FBI, and MS Warn of North Korea’s Actions, Damaging 50 Financial Institutions Around the World

UN Warns of North Korea’s Arria Formula
FBI: “North Korea Poses threat through cyber operations”
Microsoft: “$100 Million stolen in cryptocurrency service”

Cyber attacks like ransomware have recently emerged as a new threat to international peace and security. The UN Security Council is causing controversy after claims were made that hackers supported by North Korea damaged more than 50 financial institutions in member countries.

On April 4th, local time, Ambassador Hwang Joon Kook of the Republic of Korea to the UN made this claim at the Arria Formula meeting on cyber security, co-hosted by the U.S., South Korea, and Japan at the UN headquarters in New York.

Ambassador Hwang introduced a report by the UN Security Council’s North Korea Sanctions Committee Expert Panel, which stated that North Korea had obtained more than 50% of its total foreign income through illegal cyber activities, bypassing financial sanctions. He also expressed concern that such illegal cyber activities could weaken the effect of the Security Council’s sanctions and be exploited to evade them.

The ambassador asserted, “Illegal cyber activities and cybercrimes can pose additional challenges to the international community’s nuclear non-proliferation system, and more than 50 financial institutions of UN member states have been directly affected by hackers supported by North Korea.”

On the same day, U.S. Ambassador to the UN, Linda Thomas-Greenfield, echoed these sentiments. She expressed concerns over North Korea’s malicious cyber attacks and Russia’s cyber activities. She conveyed that “The income obtained through cyber operations is being directly used to support illegal weapons of mass destruction (WMD) and ballistic missile programs.”

The U.S. is currently working with like-minded countries to track and condemn destructive and destabilizing behavior in cyberspace, including actions by North Korea.

Also at the meeting, Valeria Kennedy, Intelligence Solutions Manager at blockchain analysis company Chainalysis, stated, “It is estimated that North Korea stole $1 billion worth of cryptocurrency in 2023 alone.” She indicated that substantial amounts of laundered funds from stolen cryptocurrency are still being processed, especially given the recent sharp increase in the value of cryptocurrency, suggesting significant losses due to North Korea’s actions.

The Arria Formula meeting, held that day, is typically an informal Security Council meeting convened at the request of a member state. It is known to discuss complex topics in official meetings due to disagreements among member states or issues not listed on the Security Council agenda.

While the recognition that cyber security is directly linked to international peace and security is increasing, it appears that the issue of cyber security is not yet highly prioritized to be adopted as an official Security Council agenda.

The UN Security Council is not the only one criticizing North Korea’s actions. On April 4th, local time, Christopher Wray, Director of the Federal Bureau of Investigation (FBI), mentioned North Korea’s actions in a speech at a cyber security expert meeting held at the University of Kansas.

Director Wray stated, “We are dealing with various threats from nations trying to undermine our democratic society. Enemies like the governments of China, Russia, Iran, and North Korea are using cyber operations to weaken us and achieve their strategic goals.”

He further revealed that North Korea is increasingly threatening cyber security in more covert ways. Instead of uploading large amounts of malicious files, they damage essential software tools on the victim’s computer.

According to Director Wray, North Korea is constantly developing new methods to maximize the scope and impact of its attacks. As the boundary between cybercrime activities and state activities becomes more blurred, it is becoming difficult to distinguish between the end of cybercrime activities and the beginning of hostile state activities.

At an event held at Georgetown University on the same day, Brian Nelson, Deputy Assistant Secretary for Terrorist Financing and Financial Crimes at the Treasury Department, also announced that the U.S. government is taking maximum measures to block illegal actors, citing North Korea as a significant threat actor. This news came as a shock.

Deputy Assistant Secretary Nelson quoted the National Proliferation Financing Risk Assessment report released by the Treasury Department in February, stating, “In extreme cases, Iran, Russia, and North Korea have used U.S. shell companies to raise funds for weapons programs and procurement of sensitive military equipment.” North Korea has consistently denied any cyber attacks.

In 2022, the North Korean Ministry of Foreign Affairs posted a message stating, “We will not sit idle in the face of the United States’ despicable act of spreading rumors about our non-existent cyber-attacks and cryptocurrency theft, which we see as a serious threat and challenge to our sovereignty and national reputation.”

The issue of North Korea’s cyber security threats did not end with criticisms from the UN and the FBI. Microsoft Corporation (MS) recently released a report stating that North Korea’s hacking skills and capabilities are evolving daily.

According to Microsoft’s report, East Asian Threat Actors are Using Unique Tactics; North Korea is rapidly developing its capabilities. It uses large language models (LLMs) like the AI-based tool Chat GPT to research vulnerabilities or carry out spear-phishing (access to confidential data by unauthorized users) attacks.

In early June last year, it was announced that North Korea’s hacking organization Jade Sleet, also known as APT 38, was the perpetrator who stole $100 million worth of cryptocurrency from the Estonian cryptocurrency service Atomic Wallet.

Based on their investigation, Jade Sleet is suspected to be the main culprit behind the theft of $125 million from a Singapore-based cryptocurrency platform in July last year and the theft of online cryptocurrency casino funds in August.

As the value of cryptocurrency has skyrocketed recently, it is estimated that money laundering of a considerable amount of stolen funds is taking place. Given the significant increase in the value of the cryptocurrency previously stolen by North Korea, it is expected to be used as a substantial asset to accelerate weapons development. This raises concerns about the realization of North Korea’s nuclear production, as the stolen virtual assets have been directly used for illegal weapons of mass destruction (WMD) and ballistic missile programs.