On Monday, Reuters saw a confidential United Nations report, which said that more crypto assets were stolen by North Korea in the previous year than any other.
The report also disclosed that the North Korean hackers had targeted the networks of foreign defense and aerospace companies.
The report
The U.N. Security Council Committee was informed by independent sanctions monitors that increasingly sophisticated cyber techniques had been used by North Korea for gaining access to digital networks in cyber finance.
They had done so for stealing valuable information, including about the weapons program. North Korea had previously been accused by the monitors of using cyberattacks for funding its missile and nuclear programs.
The monitors said in the report that DPRK actors had stolen a high value of crypto assets in 2022 than they had done in any other year.
All allegations of cyberattacks and hacking have previously been denied by North Korea. The sanctions monitor also shared estimates put forward by South Korea.
They showed that hackers linked to North Korea had stolen crypto assets worth $630 million in the previous year, while a cybersecurity firm estimated that their cybercrime activities had yielded $1 billion.
Similar conclusions
The U.N. report said that there has been a change in the value of cryptocurrencies in recent months, which could have resulted in the difference in these estimates.
Nonetheless, it said that both numbers show that 2022 had proven to be a record-breaking year for DPRK in terms of the theft of crypto assets.
Last week, a blockchain analytics firm in the United States had also come to the same conclusion. According to the U.N. report, cyberthreat actors are using more sophisticated techniques.
Therefore, it becomes rather difficult to track stolen funds. Diplomats said that they would reveal the report publicly later this month or in the next one.
Extortion
According to the monitors, the groups that carried out most of the cyberattacks were under the control of the Reconnaissance General Bureau, which is the primary intelligence bureau of North Korea.
They said that the groups included some of the popular ones that are tracked by the cybersecurity industry, such as Andariel, Lazarus Group, and Kimusky.
The U.N. report said that these actors had continued to target victims illicitly for obtaining information that was valuable to North Korea and for generating revenue.
It was further revealed by the sanctions monitors that the groups had deployed malware via various methods, such as phishing.
One of these campaigns had been aimed at employees of different organizations in various countries. The U.N. report said that they had gotten in touch with individuals via LinkedIn at first.
Once they had established a level of trust with their targets, the attackers delivered malicious payloads via WhatsApp.
They had managed to extort ransoms from a number of companies in various countries by distributing ransomware.
The U.N. sanctions monitors reported in 2019 that North Korea had managed to generate a total of $2 billion in several years through sophisticated cyberattacks.