Special Report: North Korea’s Cyber Program Undermining International Sanctions

After negotiations broke down during the Hanoi Summit last week, the Trump Administration should add new considerations to the table. During President Trump’s meeting with Kim Jong Un, the topic of discussion was abundantly clear – denuclearization. Since the Singapore Summit, the Trump Administration has approached negotiations with tunnel vision on denuclearization. Unfortunately, this has caused other threats, such as the threat posed by North Korea’s cyber program, to be sidelined.

The tunnel-vision approach is a conscious decision by the Trump Administration, which does not wish to upset the negotiations apple cart. The Administration is worried that the North Koreans can cancel meetings at any time, but the diplomatic process should not outweigh the diplomatic substance. Ignoring the problem will not make it disappear: North Korea has profited significantly from its cyber program despite international sanctions. The harm North Korea has caused is estimated at $5 billion and, if left unattended, will only get worse.

The United States is not the only target of North Korea’s cyber program. One of North Korea’s first cyber-attacks, known as the DarkSeoul attack, caused over $700 million in damage to South Korean banks and broadcasters. The attack left many South Koreans unable to withdraw money from ATMs and many broadcasters staring at blank computer screens. 

Following the DarkSeoul attack, North Korea demonstrated its capabilities in the Sony attack in 2014. After the launch of The Interview – a satirical movie about assassinating the North Korean dictator – a North Korean proxy group, “Lazarus”, hit the company where it hurts most: Sony’s stock fell 10% during the hack, and the attack cost the company $35 million in IT repairs.

The most devastating North Korean cyber-attack came in 2017. The WannaCry ransomware attack infected over 300,000 computers in 150 countries and caused at least $4 billion in damage. The bulk of this damage occurred after North Korea lost control of the ransomware and it started to infect the global market. This attack highlights why North Korean cyber-attacks are so dangerous: North Korean hackers are unpredictable and reckless. Kevin Mandia, the CEO of FireEye, a California-based cyber-security firm, even went so far as to say “North Korea might be the biggest threat to the majority of global nations.”

The threat North Korea poses to the global community is dangerous, and it’s evolving. Advanced Persistent Threat (APT for short) is a term used in the information security world to describe a group of hostile actors who gain access to a given network and then remain undetected for a long period of time, sometimes even years. Earlier this month, FireEye released a report detailing North Korea’s newest global cyber-security threat: an advanced persistent threat they’re calling APT38.

APT38 emerged in 2014, a year after UN Security Council Resolution 2094 imposed heavy sanctions on the Kim regime. The sanctions point to the reason for APT38’s formation: raising funds for the regime in order to flout international sanctions.

According to FireEye, to achieve this objective, APT38 steals from global financial institutions. This includes the theft of $81 million from a Bangladesh bank in 2016, $60 million from a Taiwanese bank in 2017, and $10 million from the Bank of Chile in 2018. Banks are not the only financial institutions targeted: according to Kaspersky Lab, North Korea’s list of targets also includes “financial and trading companies, casinos and cryptocurrency businesses.” FireEye estimates that the group has attempted to steal as much as $1.1 billion from financial institutions across the world.

This vast amount of resources gained by the North Koreans undermines the effectiveness of sanctions. The United States Government can put as many sanctions as it wants on North Korea’s nuclear program, but at the end of the day the Kim regime will still be able to obtain funds through illicit means unless the problem is properly addressed by the Trump Administration.

Despite the recent détente between Pyongyang and Washington, North Korean cyber operations persist. According to a recent FireEye report, “the timing of recent APT38 operations provides some indication that even diplomatic re-engagement will not motivate North Korea to rein in its illicit financially-motivated activities.” 

As the Trump Administration is currently discovering, denuclearization negotiations will be a long and drawn-out process. The Administration has remained consistent that sanctions on North Korea will continue until denuclearization occurs. As the denuclearization process continues to limp forward and the sanctions continue to restrict North Korean trade, expect the Kim regime to turn to its favorite fundraising tool – cyber-attacks. Whether the Trump Administration will break from its denuclearization fixation post-Hanoi Summit is yet to be seen. But one thing is certain: if the North Korean cyber program is left unattended, then the cyber-attacks will only grow more sophisticated, more persistent, and more destructive.