Security Experts:

North Korean Threat Actors Acted as Hackers-for-Hire, Says U.S. Government

Threat actors working for North Korea have also been hired by others to hack websites and extort targets, the U.S. government says in a new cyber alert.

A joint advisory published on Wednesday by the U.S. Department of State, the Department of Treasury, the DHS, and the FBI provides guidance on the North Korean cyber threat and summarizes associated activities.

The United States has released numerous advisories and alerts describing North Korean threat actors, their operations and their tools. The U.S. has officially attributed the 2014 Sony Pictures breach, the 2016 Bangladesh Bank cyberheist, the 2017 WannaCry attack, the 2016 FASTCash campaign aimed at ATMs, and the 2018 attack on a cryptocurrency exchange to North Korea.

The government, which refers to North Korea’s cyber activities as Hidden Cobra, says the “DPRK has the capability to conduct disruptive or destructive cyber activities affecting U.S. critical infrastructure.” A $5 million reward has been offered for information on North Korea's illegal activities in cyberspace.

Cybersecurity firm FireEye has pointed out that the latest advisory reveals that North Korean threat actors have also worked as hackers-for-hire.

“DPRK cyber actors have also been paid to hack websites and extort targets for third-party clients,” the advisory reads.

John Hultquist, senior director of intelligence analysis at FireEye, believes this is the most interesting revelation in the report.

“Though we knew that these operators were involved in freelancing and other commercial activity such as software development we had no evidence that they were carrying out intrusions and attacks on behalf of anyone other than the North Korean regime,” Hultquist told SecurityWeek.

He added, “It’s not uncommon for states to tap commercial or criminal talent which then carries on parallel criminal activity, but it is rare for us to find evidence of state actors carrying out criminal side operations with the government’s knowledge. Ultimately, this is yet more evidence that North Korea is heavily invested in their cyber capability and taking every opportunity to leverage and monetize it.”

*updated with information on the reward offered by the US government

Related: UN Report: North Korea Cyber Experts Raised Up to $2 Billion

Related: North Korean Hackers Continue to Target Cryptocurrency Exchanges

Related: USCYBERCOM Shares More North Korean Malware Samples

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.