North Korea’s development of increasingly sophisticated cyber tools, while not as overtly threatening as developments in its strategic weapons program, is a significant national security challenge. North Korea has in recent years carried out several significant cyber-attacks, including a nearly successful theft $1 billion.
One of the most audacious attempts at cyber theft to date, North Korea’s cyber operation to steal $1 billion from the Bangladesh Bank – the central bank of Bangladesh – very nearly paid off. The operation followed over a year of planning as well as the infiltration of the Bangladesh Bank’s computer network by North Korean hackers, who gained access after a virus was inserted into the system when a bank employee opened a phony email sent by the hackers.
Using the Bangladesh Bank’s Swift credentials, the hackers were able to initiate a drain of the U.S. dollar account that the bank maintains with the Federal Reserve Bank in New York. The attack was planned in excruciating detail and was designed to exploit time differences between Bangladesh, New York, and the Philippines, where the hackers planned to deposit the stolen money. The hackers even hacked into the bank’s printer in order to prevent the emergence of a paper trail of the relevant transactions.
The hack would eventually prove unsuccessful because of a small overlooked detail on the part of the hackers. The bank in the Philippines to which the hackers planned to deposit the stolen money was located on Jupiter Street in downtown Manila. As it turns out, Jupiter is also the name of a sanctioned Iranian vessel. The name prompted a review by the Fed’s automated computer system, and as a result, most of the payments were stopped. In the end, the hackers made out with only $81 million.
The attack on the Bangladesh Bank has since been attributed to the Lazarus Group. Designated Hidden Cobra by the United States government, the Lazarus Group is believed to have been responsible for a number of major North Korea cyber-attacks, including the 2014 Sony hack and the use of the WannaCry ransomware.
North Korea has used its cyber capabilities to target a number of foreign banks and financial institutions in an effort to generate money as a means to cope with international sanctions, and its believed to have stolen roughly $2 billion using cyber tools. As its cyber capabilities continue to develop, some experts have warned that North Korea may become increasingly capable of holding a range of targets, including critical infrastructure, at risk.