November 09, 2022

U.S.-ROK Strategy for Enhancing Cooperation on Combating and Deterring Cyber-Enabled Financial Crime

By Jason Bartlett

Download the full PDF in English

Download a Korean translation

Executive Summary

The May 2022 U.S.-ROK Summit between President Joe Biden and President Yoon Suk-yeol revitalized previous bilateral commitments to establish a joint cyber working group to address the growing issue of cyber-enabled financial crime with specific emphasis on cryptocurrency, blockchain technology, and illicit North Korean cyber activity. This report provides specific policy recommendations for Washington and Seoul to incorporate within the cyber working group to enhance cooperation on combating and deterring cyber-enabled financial crime, especially from state-sponsored actors.

North Korea has become the greatest state-sponsored threat to the global financial services sector. From 2021 to June 2022 alone, North Korean cyber operatives and their facilitators stole more than $1 billion (in U.S. currency, as throughout this report unless otherwise indicated) in digital assets through hacking cryptocurrency exchanges and laundering the stolen funds using various financial technologies and obfuscation techniques, including cryptocurrency mixers and foreign over-the-counter brokers.

North Korea has become the greatest state-sponsored threat to the global financial services sector...Washington and Seoul must work together to change this reality.

Pyongyang will likely maintain this position as long as the potential gains of cyber operations against financial services are greater than the potential risks and resources needed to conduct these operations. Washington and Seoul must work together to change this reality.

This report compiles the findings of a year-long research project to generate actionable policy recommendations for Washington and Seoul to incorporate within their joint cyber working group to strengthen joint deterrence against state-sponsored cyber-enabled financial crime that continues to target both U.S. and South Korean social, financial, and cyber infrastructure. Based on intensive field research and interviews with U.S. and ROK stakeholders, this report outlines current challenges to enhancing U.S.-ROK cyber coordination, details the evolution of North Korea’s cyber program and modern-day threats, provides policy recommendations for the joint cyber working group, and includes an appendix with all relevant U.S. and ROK agencies that can contribute valuable expertise to the group.

Main Takeaways

  • North Korea began developing a cyber program in the mid-1980s that was supported by both domestic innovation and foreign assistance.
  • Starting in the late 2000s, Pyongyang launched offensive cyber operations against South Korean government agencies, businesses, research organizations, traditional financial institutions, North Korean defectors who had resettled, and ordinary South Korean citizens for mostly politically motivated reasons.
  • North Korean cybercrime significantly evolved between 2015 and 2016, with a rapid increase in cyber operations targeting both traditional and non-traditional financial institutions and technology such as cryptocurrency, blockchain, and later, decentralized finance platforms.
  • Washington and Seoul possess different, but complementary, expertise and capabilities related to curbing cyber-enabled financial crime that should be considered within the joint U.S.-ROK cyber working group revitalized during the May 2022 U.S.-ROK Summit.
  • Key bureaucratic and logistical differences exist between Washington and Seoul regarding how they perceive and respond to North Korea–related threats that have prevented enhanced cooperation, including:
    • Political oscillation in Seoul pertaining to North Korean policy;
    • Discrepancies in U.S. and ROK government perception and resource allocation toward certain state-sponsored cyber threats;
    • Difficulties in properly identifying U.S.-ROK government agency counterparts.

Summary of Recommendations

The following policy recommendations seek to offer guidance to the joint U.S.-ROK cyber working group to enhance bilateral cooperation on combating and deterring cyber-enabled financial crime, with specific emphasis on state-sponsored cybercrime from actors such as North Korea. Washington and Seoul should:

  1. Establish a research agenda for the U.S.-ROK cyber working group to identify exploitable vulnerabilities in state-sponsored cybercrime strategy, with an initial focus on North Korea.
  2. Identify specific representatives from relevant U.S. and ROK government agencies to participate in the joint cyber working group. This will improve routine information sharing and joint investigations.
  3. Consider the joint cyber working group as a U.S.-ROK partnership to protect against any state-sponsored cyber-enabled financial crime operations.
  4. Issue a joint advisory guidance document on potential cybersecurity and financial risks related to social engineering hacks. This will build trust and rapport with the private sector while attempting to stymie cyber-enabled financial crime tactics.
  5. Organize an external advisory team of leading U.S. and ROK nongovernment researchers and private sector analysts who work on issues pertaining to the agenda of the joint working group and can offer outside assistance and advice.


The United States and South Korean governments have developed significantly different approaches to address state-sponsored cyber-enabled financial crime with specific regard to North Korea. Actors such as North Korea have rapidly adopted cryptocurrency and related financial technology as an increasingly preferred tool to facilitate cyber-enabled financial crime, and this development has highlighted the need for enhanced cooperation between Washington and Seoul. Given Pyongyang’s national priority to evade economic sanctions and expand its nuclear weapons arsenal, this massive influx of currency into North Korea raises significant security concerns for both the United States and South Korea.

While a rapidly growing number of illicit North Korean cyber activity targets the financial sector, other cybercrime state sponsors, including China and Russia, present different cybersecurity risks to the United States and South Korea, as they often target government agencies and infrastructure for information espionage, technology theft, and system shutdowns. Although the current focus of the U.S.–Republic of Korea (ROK) joint cyber working group is on North Korea–sponsored cyber-enabled financial crime efforts, Washington and Seoul should consider future research that includes cyber threats from other state-sponsored actors.

  1. “United States–Republic of Korea Leaders’ Joint Statement,” The White House, press release, May 21, 2022,; “U.S.-ROK Leaders’ Joint Statement,” The White House, press release, May 21, 2021,
  2. Jason Bartlett, “Why North Korea Is the Greatest State-Sponsored Threat to the Financial Services Sector,” Korea on Point by the Sejong Institute, June 27, 2022,; Olga Kharif, Sidhartha Shukla, and Bloomberg, “Hackers Just Stole $100 Million in Crypto from Harmony’s Horizon Bridge,” Fortune, June 24, 2022,


  • Jason Bartlett

    Former Research Associate, Energy, Economics, and Security Program

    Jason Bartlett is a former Research Associate for the Energy, Economics, and Security Program at CNAS. He analyzes developments and trends in sanctions policy and evasion tact...

  • Commentary
    • Lawfare
    • November 29, 2022
    To Designate or Not? Russia and SST Status

    The United States is unlikely to expend its political and financial resources to impose additional secondary sanctions as part of its Russia sanctions regime...

    By Jocelyn Trainer

  • Commentary
    • New Security Beat
    • November 29, 2022
    COP27 in Egypt: Putting Human Rights on the Climate Agenda

    Cairo hoped that COP27 would focus on its stated agenda: climate change adaptation. Yet it was human rights concerns—such as jailed pro-democracy activist Alaa Abdel Fattah’s ...

    By Arona Baigal & Jocelyn Trainer

  • Commentary
    • November 16, 2022
    Sharper: Chips

    The reliance on semiconductor chips, from accomplishing everyday tasks to fighting wars, has placed them at the center of geopolitical decisions by leaders around the world. R...

    By Anna Pederson

  • Commentary
    • United States Institute for Peace
    • November 3, 2022
    The Geopolitics of Deep-Sea Mining and Green Technologies

    Demand for exploiting minerals on the seabed is rising. But the hasty development of a DSM regulatory framework could heighten geopolitical competition and environmental degra...

    By Jocelyn Trainer

View All Reports View All Articles & Multimedia