North Korean-based actors have allegedly run company breaches, crypto crime, weapons sales, money laundering, human rights abuses and WMD program funding. Given the high stakes involved, the U.S. Department of State Rewards for Justice program is offering $5 million for information that helps disrupt the illicit flow of funds to North Korea (officially the Democratic People’s Republic of Korea).

The program builds upon a past Federal Cyber Threat Advisory. It states that the DPRK’s cyber activities threaten the United States and the integrity and stability of the international financial system. According to the advisory, the DPRK has relied more and more on illicit activities to generate revenue for its weapons of mass destruction and ballistic missile programs.

$5 Million Reward

As of this writing, the reward statement remains posted on the Rewards for Justice program website.

The $5 million reward is offered for information on the North Korean regime and its supporters who engage in illegal activities to fund the development of nuclear weapons. The actions listed by the program include:

  • Money laundering
  • Sanctions evasion
  • Cyber crimes.

Extensive History of Attacks

In 2021, North Korean actors stole almost $400 million worth of digital assets in at least seven attacks on cryptocurrency platforms last year, according to a recent Chainalysis report. This makes 2021 one of the most prolific years ever for cyber criminals based in the DPRK.

Threat actors allegedly used tactics such as phishing, code exploits and malware to steal funds from victims’ crypto wallets. The attackers then transferred the funds to North Korea-controlled addresses, according to the report. Most of the attacks targeted investment firms and centralized exchanges. The North Korean government has routinely denied involvement in these attacks.

The Lazarus Group

Chainalysis said many of last year’s attacks were likely run by the Lazarus Group, a cyber gang that has been the target of U.S. sanctions. North Korea’s primary intelligence bureau, the Reconnaissance General Bureau, allegedly controls Lazarus. The Department of Justice also accused the Lazarus Group of having a hand in the worldwide ransomware WannaCry attacks, which encrypted data on at least 75,000 computers in 99 countries.

US Citizen Conspirator

In April, the FBI arrested U.S. citizen Virgil Griffith, 39, for conspiring to provide unlawful services to the DPRK. Those services included technical advice on using crypto and blockchain tools to evade sanctions. Griffith received a sentence of 63 months in prison after pleading guilty to conspiracy to violate the International Emergency Economic Powers Act.

In 2019, Griffith traveled to North Korea to present at the Pyongyang Blockchain and Cryptocurrency Conference. Prior to this, the Department of State had denied Griffith permission to travel to the DPRK. Nevertheless, Griffith delivered presentations at the conference, knowing that doing so violated sanctions against the DPRK.

Given this extensive history of attacks, the federal authorities are paying attention. They continue to seek information leading to the disruption of cyber criminal activity from the DPRK.

More from News

The White House on Quantum Encryption and IoT Labels

A recent White House Fact Sheet outlined the current and future U.S. cybersecurity priorities. While most of the topics covered were in line with expectations, others drew more attention. The emphasis on critical infrastructure protection is clearly a top national priority. However, the plan is to create a labeling system for IoT devices, identifying the ones with the highest cybersecurity standards. Few expected that news. The topic of quantum-resistant encryption reveals that such concerns may become a reality sooner than…

Malware-as-a-Service Flaunts Its Tally of Users and Victims

As time passes, the security landscape keeps getting stranger and scarier. How long did the “not if, but when” mentality towards cyberattacks last — a few years, maybe? Now, security pros think in terms of how often will their organization be attacked and at what cost. Or they consider how the difference between legitimate Software-as-a-Service (SaaS) brands and Malware-as-a-Service (MaaS) gangs keeps getting blurrier. MaaS operators provide web-based services, slick UX, tiered subscriptions, newsletters and Telegram channels that keep users…

New Survey Shows Burnout May Lead to Attrition

For many organizations and the cybersecurity industry as a whole, improving retention and reducing the skills gap is a top priority. Mimecast’s The State of Ransomware Readiness 2022: Reducing the Personal and Business Cost points to another growing concern — burnout that leads to attrition. Without skilled employees, organizations cannot protect their data and infrastructure from increasing cybersecurity attacks. According to Mimecast’s report, 77% of cybersecurity leaders say the number of cyberattacks against their company has increased or stayed the…

Alleged FBI Database Breach Exposes Agents and InfraGard

Recently the feds suffered a big hack, not once, but twice. First, the FBI-run InfraGard program suffered a breach. InfraGard aims to strengthen partnerships with the private sector to share information about cyber and physical threats. That organization experienced a major breach in early December, according to a KrebsOnSecurity report. Allegedly, the InfraGard database — containing contact information of over 80,000 members — appeared up for sale on a cyber crime forum. Also, the hackers have reportedly been communicating with…