Special envoys for the Democratic People’s Republic of Korea (DPRK) from the United States, Japan, and South Korea have expressed grave concerns about the country’s growing nuclear program.
The envoys noted that North Korea’s overseas workers, including IT specialists engaged in “malicious cyber activities,” are a major factor in the regime’s ability to finance its weapons programs through the theft and laundering of funds, including cryptocurrencies, per an AFP report.
Citing estimates from crypto analytics firm Chainalysis, North Korea-linked hackers stole a record of $1.7 billion in cryptocurrency last year alone. Diplomats said on Friday that they are “deeply concerned about how the DPRK supports these programs by stealing and laundering funds as well as gathering information through malicious cyber activities.”
Despite the United Nations Security Council Resolution 2397, which mandated the repatriation of overseas North Korean workers by all UN member states, many of these individuals continue to work abroad.
“Overseas DPRK IT workers continue using forged identities and nationalities to evade UNSC sanctions and earn income abroad that funds the DPRK’s unlawful weapon of mass destruction and ballistic missile programs,” the envoys said in a joint statement Friday.
Hacker groups take aim at crypto
North Korean hackers have long been alleged of using cryptocurrencies to generate revenue for the country.
Last year’s report from cybersecurity firm Mandiant said that North Korean cybercriminals are targeting jobs listed on platforms such as LinkedIn and Indeed to plagiarize resumes and other people’s profiles to land remote work at crypto firms.
Among some high-profile attacks attributed to North Korean hackers was the 2018 theft of $530 million worth of cryptocurrency from the Japanese crypto exchange Coincheck. In what was one of the largest cryptocurrency heists in history, the hackers reportedly used malware to gain access to the exchange’s systems and steal the funds.
The Lazarus Group, a notorious hacking group believed to be sponsored by the North Korean government, is allegedly responsible for carrying out a number of high-profile cyber attacks against various targets, including banks, governments, and crypto exchanges.
Known for its use of sophisticated techniques in its attacks, including malware and spear-phishing campaigns, Lazarus was earlier this year identified by the FBI as the main culprit behind the $100 million hack of Harmony Protocol in June 2022.
In November last year, the U.S. Treasury Department revised its sanctions on Tornado Cash, an Ethereum coin mixer, highlighting its role in aiding malicious cyber activities that support the DPRK’s weapons of mass destruction program.
Lazarus, according to U.S. authorities, used Tornado Cash as a primary tool to conceal stolen funds.