How cybercrime funds North Korea’s nuclear programme

iStock | Cyber attackers working for North Korea have stolen around $2 billion since 2016 to fund Pyongyang's nuclear programme, a UN report says.

Cyberattacks have earned North Korea about $2 billion in just over three years, money that has gone towards its nuclear and ballistic missile programmes, according to a UN report.


The report, which was presented to the UN Security Council’s Sanctions Committee on North Korea, has totted up the loot brought in by 39 attacks since 2016, carried out by suspected cyber criminals in Pyongyang’s pay. They targeted financial institutions in 17 countries and stole bitcoins from cyptocurrency trading sites in raids that “used cyberspace to launch increasingly sophisticated attacks to steal funds from financial institutions and cryptocurrency exchanges to generate income”, the report says.

IT attacks that make money for North Korea have been known about and documented for years. One of the most active cybercriminal groups, nicknamed Lazarus, is suspected of being the driving force behind the well-publicised robbery of $80 million from the Bangladeshi central bank in 2016. Overall, between 2017 and 2018, at least $571 million was stolen in the hacking of five cryptocurrency trading platforms, according to an October 2018 report by the Russian cyber security firm IB Group.

‘Hidden Cobra’

Lazarus is not the only group of hackers that works to feed Pyongyang’s coffers. North Korean cybercrime activities are co-ordinated by the Reconnaissance General Bureau, the main intelligence organ of Kim Jong-un’s Workers’ Party of Korea. US authorities have given these cybercrime operations the collective code name Hidden Cobra, and have identified about twenty hacking weapons (viruses, Trojan horses etc) that have been used for North Korea’s benefit.

However, until the release of the UN report, the amount of money these cyberattacks have raked in was unknown. If its estimate of $2 billion is proven to be accurate, that would mean that cybercrime has become “one of the most important, if not the most important, source of income for the North Korean state”, noted Antoine Bondaz, director of the Korea programme at the Foundation for Strategic Research in Paris, in an interview with FRANCE 24.

Since the introduction of tight economic sanctions in 2006 in an attempt to deprive North Korea of the necessary funds for its nuclear programme, Pyongyang has adapted deftly. The regime has evaded sanctions to continue to sell conventional weapons to countries such as DR Congo, Uganda, Tanzania, Syria and Yemen, said Bondaz. That’s while diplomats have long played a key role in smuggling counterfeit banknotes, contraband cigarettes and even drugs to earn money for the regime.

Pyongyang has also pocketed hundreds of millions of dollars on the back of its nationals working abroad in conditions “close to slavery”, said Sebastian Harnisch, a North Korea specialist and professor of international relations at the University of Heidelberg. Harnisch pointed out that there are still about 45 countries, including Russia, China and Myanmar, that -- in practice -- still allow North Koreans to work on their territory in such conditions.

‘The role of China is essential’

Nevertheless, the steady ratcheting up of sanctions means that revenue streams from these historic illegal activities now represent a marginal share of government revenues, both analysts said. Cybercrime – which is far less easy for the international community to tackle than the sale of arms by ship or the presence of North Korean workers on construction sites in Poland – has taken over and the amount of manpower North Korea has put in has continued to climb accordingly. Whereas there were just a few dozen such agents in the 2000s, there are now “several thousand people in North Korea and hundreds in other countries like China and Russia” who make money for Pyongyang through cybercrime.

There is no doubt that the money they make is used to finance the nuclear and ballistic missile programmes. “It’s the only real priority for the North Korean budget,” Bondaz noted.

Yet money from cyberattacks is not the only source of funding. “There is also barter, which -- according to various estimates -- pays for roughly 30 percent of the nuclear and ballistic programmes,” said Harnisch. In this process, North Koreans tend to exchange its technologies and raw materials such as coal and plutonium for crucial components in the production of missiles. For example, in the 2000s it sold its uranium production technologies to Syria.

That said, preventing North Korea from undertaking any more cybercrime operations would be a severe blow to Pyongyang. As is often the case with North Korea, Harnisch said, “the role of China is essential”. Indeed, all of the Internet traffic coming out of North Korea passes through Chinese access providers -- which, of course, gives Beijing the power to cut it off.

This article was adapted from the original in French.

Daily newsletterReceive essential international news every morning