North Korea has been a pariah amongst countries of the world for years. The country has managed to seclude itself, adopting cyberattacks in a bid to remain financially solvent. A new report has shed more light on the structure of the North Korean government’s coordinated effort to steal from foreign entities.
Meet Bureau 121
Earlier this week, the United States Army released a report which revealed that North Korea’s government hacking network has over 6,000 members worldwide. Titled North Korean Tactics, the document explained that the government incorporated a department called Bureau 121 to oversee the activities of four cybercrime groups.
Going deeper, the report explained that these groups don’t work from North Korea. The country doesn’t have the funds or IT infrastructure to carry out such an operation, so these groups are scattered across other nations — including China, India, Belarus, and Russia, among others.
North Korea’s exploits aren’t new. Last year, Reuters reported that the country had stolen $2 billion from banks and crypto exchanges alone. The statistics came from a report from the North Korea Sanctions Committee of the United Nations Security Council, which revealed that hackers had become essential to Pyongyang.
According to the Reuters report, North Korea had been launching different sophisticated attacks to launder stolen funds and funnel them into the country. The attacks formed a part of the country’s mission to sustain its weapons program, which has been a cause of global unrest for decades.
While North Korea hasn’t launched any coordinates yet, the country has a stockpile of short and medium-range missiles. Pyongyang has used them as leverage in international conflicts, threatening nuclear action against U.S. allies, most notably South Korea and Japan.
To curb North Korea’s influence, the United Nations has imposed several economic sanctions on the country. As far back as 2006, the U.N. and United States banned imports of refined petroleum products and crude oil into the country. Facing shrinking income streams and teetering on the brink of multiple recessions, Pyongyang resorted to cyberattacks.
North Korea Continues Cyberattack Spree
The new U.S. Army report elaborates on how these attacks are coordinated and on some of the major players in the criminal scheme. One of them, the Bluenoroff Group, deals in financial crime. It has over 1,700 members. Each member conducts crypto crimes “by concentrating on long-term assessment and exploiting enemy network vulnerabilities.”
The report also outlined the Lazarus Group, a hacker organization that barely needs any introduction. In 2018, a report from cybersecurity company Group-IB claimed that the Lazarus Group was responsible for 65 percent of all cryptocurrencies stolen from exchanges between 2017 and 2018. This included about $532 million stolen from the Japanese exchange Coincheck.
The Lazarus Group has been active this year. In June, cybersecurity vendor Cyfirma warned that the group had planned a phishing campaign to target entities in Singapore, Japan, India, the United Kingdom, South Korea, and the United States. A separate report from the anti-malware group Kaspersky Labs explained that the group had targeted the internal networks of thousands of companies in the global economic sector.