U.S. report warns of 'thousands' of North Korean hackers

Thousands of IT workers, hackers and front people in Pyongyang's employ may be engaging in cyber crime on the regime's behalf, according to U.S. officials.

From left to right: Photos of North Korean hackers Park Jin-hyok, Jon Chang-hyok and Kim Il, released by the U.S. Justice Department in 2021 when it unsealed charges against the three North Koreans for allegedly stealing and extorting more than $1.3 billion in cash and cryptocurrency from businesses, banks and individuals around the world.[YONHAP]

Thousands of IT workers, hackers and front people in Pyongyang's employ may be engaging in cybercrime on the regime's behalf, according to U.S. officials.

The workers, believed to be based largely in Russia and China though their exact physical locations are unknown, have been linked to the regime’s massive crypto heists, the Wall Street Journal reported on Sunday.

In the case of the Ronin Bridge hack cited by the paper, a North Korean hacker posing as a recruiter on LinkedIn approached a Sky Mavis engineer last year.

After a phone conversation, the hacker gave the engineer a document that he said was part of the recruitment process, but which actually contained malicious code that allowed North Korean hackers to break into Sky Mavis and steal over $600 million.

Anne Neuberger, the Biden administration’s deputy national security adviser for cyber and emerging technology, told the Wall Street Journal that North Korea uses cyber crime to gain up to half of their funds to fund their missile program, up from the 30 percent estimate she gave at a public event in July last year.

While cyber heists do bring in big money for the regime, other North Korean IT workers also earn as much as $300,000 per year doing run-of-the-mill technology work, usually by posing as workers from other countries, such as Canada and Japan, or even as government officials, the Wall Street Journal report said.

But even work contracts are apparently not without risks.

In order to infiltrate crypto companies, North Korean hackers hire what the report called Western front people who sit through interviews to get hired by crypto firms unaware of applicants' ties to the hackers.

Once hired, the front people make small changes or steal secrets from their employers that open the door to North Korean hackers.

According to blockchain analysis company Chainalysis, North Korean hackers have stolen over $3 billion over the past five years.

The growth in Pyongyang’s haul from cyber crime has corresponded with a sharp rise in missile tests by the regime, which launched over 90 cruise and ballistic missiles last year and conducted its first successful test of a solid-fuel intercontinental ballistic missile in April.

According to the Wall Street Journal, North Korean hacks have surprised U.S. officials and researchers with their technical sophistication and creativity.

North Korean hackers were behind the first observed instance of a cascading supply-chain attack last year.

The hackers first attacked Trading Technologies, which develops online trading software.

An employee of software company 3CX, a customer of Trading Technologies, downloaded a corrupted version of the Trading Technologies software, which opened the door to the hackers to corrupt 3CX software that was then used to hack 3CX customers, including cryptocurrency exchanges.

BY MICHAEL LEE [lee.junhyuk@joongang.co.kr]