A U.S. grand jury indicted three North Korean hackers in February on charges of attempting to steal or extort $1.3 billion from international financial institutions and companies.
The egregious North Korean cyberattack was hardly an isolated event. Since 2007, the regime in Pyongyang has engaged in cyber espionage, disruptive and destructive attacks, cyberterrorism, and cyber bank robbery, as well as attacks on cryptocurrency exchanges and pharmaceutical companies working on COVID-19 vaccines.
In 2014, North Korean hackers—identified as Park Jin Hyok, Jon Chang Hyok, and Kim II—launched a cyberattack against Sony Pictures Entertainment, stole sensitive information about Sony employees, and threatened “9/11-style attacks” against movie theaters in order to prevent the release of a movie that ridiculed North Korean dictator Kim Jong Un.
North Korean cyberattacks abroad have ranged from paralyzing the United Kingdom’s National Health Service to hacking India’s new nuclear power plant.
The number of North Korean cyberattacks on financial institutions is alarming, with dozens of those attacks targeting vulnerable financial institutions and cryptocurrency exchanges in at least 17 countries.
In January 2018, North Korean hackers attempted to steal $110 million from Bancomext. In May 2018, they hacked Banco de Chile that forced the transfer of $10 million. The hackers also “withdrew” $13.5 million from Cosmos Bank in August 2018, which involved more than 14,000 ATMs in 28 countries over five hours.
From cyberattacks on banks and other financial institutions, Pyongyang has garnered at least $2 billion.
Since these attacks, the North Korean cyberattack has become a top national security concern.
According to the United Nations Panel of Experts, the North Korean hackers raise money for their government to finance its nuclear weapons program and to circumvent the international sanctions imposed on the Kim regime.
The threat is heightened by the North Korean hackers’ use of new technologies to evade sanctions. North Korean hackers exploit technology such as the dark web, a network designed for anonymity, to trade malware, hire hackers, launch cyberattacks, and launder virtual currencies. Through these technologies, North Korean hackers provide undetectable cash supply chains for a regime that desperately needs funds to sustain its nuclear capabilities.
In response to North Korean cyberattacks, the U.S. government must enhance its firm approach against those hackers and increase cooperation with banks to prevent them from laundering stolen money. It must also engage with the private sector to improve cyberdefenses.
North Korean cyber operations are a strategic threat to the United States, its partners, and the international financial network. Pyongyang’s cybercrimes undermine sanctions and constrain international efforts to curtail regime nuclear and missile programs.
Washington needs to make addressing the threat a national priority by establishing a comprehensive whole-of-government strategy, which it coordinates with other governments, as well as with the private sector on a global basis to augment cyberdefenses.
The U.S. should also more fully enforce existing laws and assess what additional legislative and executive actions are needed, including greater regulations of cybercurrency exchanges.
Washington should determine a range of punitive steps—both cyber and military—for responding to attacks deemed detrimental to national security.
Bruce Klingner, a senior research fellow for Northeast Asia at The Heritage Foundation’s Asian Studies Center, spent 20 years in the intelligence community working at the CIA and Defense Intelligence Agency.
