Connect with us

Hi, what are you looking for?



UN Experts: North Korea Using Cyber Attacks to Update Nukes

North Korea has modernized its nuclear weapons and ballistic missiles by flaunting United Nations sanctions, using cyberattacks to help finance its programs and continuing to seek material and technology overseas for its arsenal, U.N. experts said.

North Korea has modernized its nuclear weapons and ballistic missiles by flaunting United Nations sanctions, using cyberattacks to help finance its programs and continuing to seek material and technology overseas for its arsenal, U.N. experts said.

The panel of experts monitoring sanctions on the Northeast Asian nation said in a report sent to Security Council members Monday that North Korea’s “total theft of virtual assets from 2019 to November 2020 is valued at approximately $316.4 million,” according to one unidentified country.

The panel said its investigations found that North Korean-linked cyber actors continued to conduct operations in 2020 against financial institutions and virtual currency exchange houses to generate money to support its weapons of mass destruction and ballistic missile programs.

In its weapons development, the experts said, Kim Jong Un’s government has also produced fissile material — an essential ingredient for producing nuclear weapons — and maintained its nuclear facilities.

“It displayed new short-range, medium-range, submarine-launched and intercontinental ballistic missile systems at military parades,“ they said. “It announced preparation for testing and production of new ballistic missile warheads and, development of tactical nuclear weapons … and upgraded its ballistic missile infrastructure.“

The panel recommended that the Security Council impose sanctions on four North Korean men: Choe Song Chol, Im Song Sun, Pak Hwa Song, and Hwang Kil Su.

The Security Council has imposed increasingly tough sanctions on North Korea since its first test explosion of a nuclear device in 2006. It has banned most of the country’s exports and severely limited its imports, trying to pressure Pyongyang into abandoning its nuclear and ballistic missile programs.

Advertisement. Scroll to continue reading.

But the report’s summary and some key findings and recommendations, obtained by The Associated Press, make clear that North Korea remains able to evade sanctions and develop its weapons and to illicitly import refined petroleum, access international banking channels and carry out “malicious cyber activities.”

North Korea’s arsenal escalated to a major threat to the United States following tests in 2017 that included a detonation of a purported thermonuclear warhead and flight tests demonstrating its ICBMs could reach deep in the American mainland.

A year later, Kim initiated diplomacy with South Korea and then-U.S. President Donald Trump that derailed in 2019 when the Americans rejected North Korea’s demands for major sanctions relief in exchange for a piecemeal deal partially surrendering its nuclear weapons capabilities.

Last year, North Korea’s already battered economy decayed further amid the COVID-19 pandemic, which led Kim to close the country’s borders. That severely limited the legal and illegal transfer of goods and movement of people, according to the experts.

At a North Korean political conference, Kim sharply criticized his government’s economic agencies for unspecified passiveness and “self-protecting tendencies,” the North’s state media reported Tuesday. His remarks follow a ruling party congress last month where he called for greater state control over the economy while also vowing to continue all-out efforts to boost his nuclear program, which North Korea sees as a deterrent to the U.S. and thus an assurance of the Kim dynasty’s continued existence.

With his diplomatic efforts stalemated, Kim must start all over again with President Joe Biden, who previously called him a “thug” and criticized Trump for summit spectacles instead of significant nuclear reductions.

In August 2019, the U.N. panel said North Korean cyber experts illegally obtained proceeds “estimated at up to $2 billion” to fund its weapons programs.

The panel said in the new report that it investigated “malicious” activities by the Reconnaissance General Bureau — North Korea’s primary intelligence agency, which is on the U.N. sanctions blacklist — including “the targeting of virtual assets and virtual asset service providers, and attacks on defense companies.”

North Korea continues to launder stolen cryptocurrencies especially through over-the-counter virtual asset brokers in China to acquire fiat currency which is government backed, like the U.S. dollar, the experts said.

The panel said it is investigating a September 2020 hack against a cryptocurrency exchange that resulted in approximately $281 million worth of cryptocurrencies being stolen, and transactions on the blockchain indicating the $281 million hack is related to a $23 million second hack in October 2020.

“Preliminary analysis, based on the attack vectors and subsequent efforts to launder the illicit proceeds strongly suggests links to the DPRK,” the experts said, using the initials of the country’s official name, the Democratic People’s Republic of Korea.

According to one unnamed country, North Korea also continues to generate illegal revenue by exploiting freelance information technology platforms using the same methods it does to access the global financial system — false identification, use of virtual private network services, and establishing front companies in Hong Kong, the panel said.

The experts said they investigated attempted violations of the U.N. arms embargo, including illegal actions of blacklisted companies. They cited the Korea Mining Development Trading Corporation, alleged military cooperation by North Korea, and the use of the country’s overseas diplomatic missions for commercial purposes.

The panel said it also investigated “the country’s continued illicit import of refined petroleum, via direct deliveries and ship-to-ship transfers, using elaborate subterfuge.“

It cited images, data and calculations from an unidentified country showing that between Jan. 1 and Sept. 30 last year North Korea received shipments of refined petroleum products exceeding “by several times” the annual ceiling of 500,000 barrels set by the Security Council.

U.N. sanctions ban North Korean coal exports, and the panel said shipments of coal appear to have been largely suspended since late July 2020.

It said that last year, North Korea continued to transfer fishing rights in violation of sanctions, which earned the country $120 million in 2018, according to an unnamed member state.

Under a 2017 sanctions resolution, all North Korean nationals working overseas were to be repatriated by Dec. 22, 2019. The experts said they investigated North Korean workers earning income in sub-Saharan Africa as well as information technology workers dispatched by the Munitions Industry Department.

Related: North Korean Threat Actors Acted as Hackers-for-Hire, Says U.S. Government

Related: U.S. Army Report Describes North Korea’s Cyber Warfare Capabilities

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.