Connect with us

Hi, what are you looking for?



North Korean Threat Actors Acted as Hackers-for-Hire, Says U.S. Government

Threat actors working for North Korea have also been hired by others to hack websites and extort targets, the U.S. government says in a new cyber alert.

Threat actors working for North Korea have also been hired by others to hack websites and extort targets, the U.S. government says in a new cyber alert.

A joint advisory published on Wednesday by the U.S. Department of State, the Department of Treasury, the DHS, and the FBI provides guidance on the North Korean cyber threat and summarizes associated activities.

The United States has released numerous advisories and alerts describing North Korean threat actors, their operations and their tools. The U.S. has officially attributed the 2014 Sony Pictures breach, the 2016 Bangladesh Bank cyberheist, the 2017 WannaCry attack, the 2016 FASTCash campaign aimed at ATMs, and the 2018 attack on a cryptocurrency exchange to North Korea.

The government, which refers to North Korea’s cyber activities as Hidden Cobra, says the “DPRK has the capability to conduct disruptive or destructive cyber activities affecting U.S. critical infrastructure.” A $5 million reward has been offered for information on North Korea’s illegal activities in cyberspace.

Cybersecurity firm FireEye has pointed out that the latest advisory reveals that North Korean threat actors have also worked as hackers-for-hire.

“DPRK cyber actors have also been paid to hack websites and extort targets for third-party clients,” the advisory reads.

John Hultquist, senior director of intelligence analysis at FireEye, believes this is the most interesting revelation in the report.

“Though we knew that these operators were involved in freelancing and other commercial activity such as software development we had no evidence that they were carrying out intrusions and attacks on behalf of anyone other than the North Korean regime,” Hultquist told SecurityWeek.

Advertisement. Scroll to continue reading.

He added, “It’s not uncommon for states to tap commercial or criminal talent which then carries on parallel criminal activity, but it is rare for us to find evidence of state actors carrying out criminal side operations with the government’s knowledge. Ultimately, this is yet more evidence that North Korea is heavily invested in their cyber capability and taking every opportunity to leverage and monetize it.”

*updated with information on the reward offered by the US government

Related: UN Report: North Korea Cyber Experts Raised Up to $2 Billion

Related: North Korean Hackers Continue to Target Cryptocurrency Exchanges

Related: USCYBERCOM Shares More North Korean Malware Samples

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.