North Korea’s overseas workers, including IT specialists, are major factors in the country’s ability to finance its weapons programs through the theft of funds, including cryptocurrencies.
Special envoys for the Democratic People’s Republic of Korea (DPRK) from the United States, Japan, and South Korea recently expressed their grave concerns about the country’s growing nuclear program. According to the envoys, North Korea’s overseas workers, especially IT specialists, engaged in “malicious cyber activities” are major factors in the regime’s ability to finance its weapons program through the theft and laundering of funds, including cryptocurrencies. Diplomats are “deeply concerned about how the DPRK supports these programs by stealing and laundering funds as well as gathering information through malicious cyber activities,” citing estimates from crypto analytics firm Chainalysis that North Korea-linked hackers stole a record $1.7 billion in cryptocurrency last year alone.
Despite United Nations Security Council Resolution 2397, which mandated the repatriation of overseas North Korean workers by all UN member states, many of these individuals continue to work abroad. “Overseas DPRK IT workers continue using forged identities and nationalities to evade UNSC sanctions and earn income abroad that funds the DPRK’s unlawful weapon of mass destruction and ballistic missile programs,” the envoys said in a joint statement Friday.
North Korean hackers have long been accused of using cryptocurrencies to generate revenue for the country. A report last year from cybersecurity firm Mandiant said that North Korean cybercriminals are targeting jobs listed on platforms such as LinkedIn and Indeed, plagiarizing resumes and other people’s profiles to land remote work at crypto firms.
Lazarus Group, a notorious hacking group believed to be sponsored by the North Korean government, is allegedly responsible for carrying out a number of high-profile cyber attacks against various targets, including banks, governments, and crypto exchanges. Among the high-profile attacks attributed to North Korean hackers was the 2018 theft of $530 million worth of cryptocurrency from the Japanese crypto exchange Coincheck.
In November last year, the U.S. Treasury Department revised its sanctions on Tornado Cash, an Ethereum coin mixer, highlighting its role in aiding malicious cyber activities that support the DPRK’s weapons of mass destruction program. According to U.S. authorities, Lazarus used Tornado Cash as a primary tool to conceal stolen funds.
The situation raises concerns about the future of cybersecurity and cryptocurrency practices, as cryptocurrency continues to provide a conduit for cybercriminals to steal funds, launder money, and evade regulatory oversight. While the sanctions and resolutions are in place, the question remains whether they can be effectively enforced, which would give hope that diplomatic efforts will stall the transfer of funds to North Korea’s weapons programs.