United Nations experts say they are formally investigating at least 35 instances of cyberattacks by North Korea in 17 countries, believed to be carried out in a bid to fund its nuclear program. According to a report seen by Associated Press, North Korea has acquired as much as $2 billion from increasingly sophisticated cyber activities against financial institutions and cryptocurrency exchanges.
South Korea appears to be the hardest hit country, suffering at least 10 attacks. India was the victim of three attacks, with Bangladesh and Chile the victim of two each. Meanwhile, Costa Rica, Gambia, Guatemala, Kuwait, Liberia, Malaysia, Malta, Nigeria, Poland, Slovenia, South Africa, Tunisia and Vietnam suffered one attack each.
The attacks were undertaken in three main ways: through the SWIFT system used to transfer money between banks; directly through exchanges and users to steal cryptocurrency; and by "cryptojacking" computers by infecting them with malware to use its resources to generate cryptocurrency.
In one unnamed country, for example, hackers managed to access the infrastructure managing its entire ATM system and installed malware modifying the way transactions are processed. In another country, stolen funds were "transferred through at least 5,000 separate transactions and further routed to multiple countries before eventual conversion" to a currency that a government has declared legal money, therefore making it extremely difficult to track the funds.
Meanwhile, South Korea's cryptocurrency exchange, Bithumb, has been targeted at least four times. Two attacks in 2017 resulted in losses of around $7 million each, while a further two, in June 2018 and March 2019, lead to the loss of $31 million and $20 million respectively.
According to the report, many of these attacks are undertaken by actors operating under the direction of the Reconnaissance General Bureau -- the General Bureau is North Korea's military intelligence agency. The UN says that the attacks, which are "low risk and high yield" and often require little more than a laptop and internet access, are being investigated as attempts to violate UN sanctions.