November 09, 2022

U.S.-ROK Strategy for Enhancing Cooperation on Combating and Deterring Cyber-Enabled Financial Crime

Download the full PDF in English

Download a Korean translation

Executive Summary

The May 2022 U.S.-ROK Summit between President Joe Biden and President Yoon Suk-yeol revitalized previous bilateral commitments to establish a joint cyber working group to address the growing issue of cyber-enabled financial crime with specific emphasis on cryptocurrency, blockchain technology, and illicit North Korean cyber activity. This report provides specific policy recommendations for Washington and Seoul to incorporate within the cyber working group to enhance cooperation on combating and deterring cyber-enabled financial crime, especially from state-sponsored actors.

North Korea has become the greatest state-sponsored threat to the global financial services sector. From 2021 to June 2022 alone, North Korean cyber operatives and their facilitators stole more than $1 billion (in U.S. currency, as throughout this report unless otherwise indicated) in digital assets through hacking cryptocurrency exchanges and laundering the stolen funds using various financial technologies and obfuscation techniques, including cryptocurrency mixers and foreign over-the-counter brokers.

North Korea has become the greatest state-sponsored threat to the global financial services sector...Washington and Seoul must work together to change this reality.

Pyongyang will likely maintain this position as long as the potential gains of cyber operations against financial services are greater than the potential risks and resources needed to conduct these operations. Washington and Seoul must work together to change this reality.

This report compiles the findings of a year-long research project to generate actionable policy recommendations for Washington and Seoul to incorporate within their joint cyber working group to strengthen joint deterrence against state-sponsored cyber-enabled financial crime that continues to target both U.S. and South Korean social, financial, and cyber infrastructure. Based on intensive field research and interviews with U.S. and ROK stakeholders, this report outlines current challenges to enhancing U.S.-ROK cyber coordination, details the evolution of North Korea’s cyber program and modern-day threats, provides policy recommendations for the joint cyber working group, and includes an appendix with all relevant U.S. and ROK agencies that can contribute valuable expertise to the group.

Main Takeaways

  • North Korea began developing a cyber program in the mid-1980s that was supported by both domestic innovation and foreign assistance.
  • Starting in the late 2000s, Pyongyang launched offensive cyber operations against South Korean government agencies, businesses, research organizations, traditional financial institutions, North Korean defectors who had resettled, and ordinary South Korean citizens for mostly politically motivated reasons.
  • North Korean cybercrime significantly evolved between 2015 and 2016, with a rapid increase in cyber operations targeting both traditional and non-traditional financial institutions and technology such as cryptocurrency, blockchain, and later, decentralized finance platforms.
  • Washington and Seoul possess different, but complementary, expertise and capabilities related to curbing cyber-enabled financial crime that should be considered within the joint U.S.-ROK cyber working group revitalized during the May 2022 U.S.-ROK Summit.
  • Key bureaucratic and logistical differences exist between Washington and Seoul regarding how they perceive and respond to North Korea–related threats that have prevented enhanced cooperation, including:
    • Political oscillation in Seoul pertaining to North Korean policy;
    • Discrepancies in U.S. and ROK government perception and resource allocation toward certain state-sponsored cyber threats;
    • Difficulties in properly identifying U.S.-ROK government agency counterparts.

Summary of Recommendations

The following policy recommendations seek to offer guidance to the joint U.S.-ROK cyber working group to enhance bilateral cooperation on combating and deterring cyber-enabled financial crime, with specific emphasis on state-sponsored cybercrime from actors such as North Korea. Washington and Seoul should:

  1. Establish a research agenda for the U.S.-ROK cyber working group to identify exploitable vulnerabilities in state-sponsored cybercrime strategy, with an initial focus on North Korea.
  2. Identify specific representatives from relevant U.S. and ROK government agencies to participate in the joint cyber working group. This will improve routine information sharing and joint investigations.
  3. Consider the joint cyber working group as a U.S.-ROK partnership to protect against any state-sponsored cyber-enabled financial crime operations.
  4. Issue a joint advisory guidance document on potential cybersecurity and financial risks related to social engineering hacks. This will build trust and rapport with the private sector while attempting to stymie cyber-enabled financial crime tactics.
  5. Organize an external advisory team of leading U.S. and ROK nongovernment researchers and private sector analysts who work on issues pertaining to the agenda of the joint working group and can offer outside assistance and advice.


The United States and South Korean governments have developed significantly different approaches to address state-sponsored cyber-enabled financial crime with specific regard to North Korea. Actors such as North Korea have rapidly adopted cryptocurrency and related financial technology as an increasingly preferred tool to facilitate cyber-enabled financial crime, and this development has highlighted the need for enhanced cooperation between Washington and Seoul. Given Pyongyang’s national priority to evade economic sanctions and expand its nuclear weapons arsenal, this massive influx of currency into North Korea raises significant security concerns for both the United States and South Korea.

While a rapidly growing number of illicit North Korean cyber activity targets the financial sector, other cybercrime state sponsors, including China and Russia, present different cybersecurity risks to the United States and South Korea, as they often target government agencies and infrastructure for information espionage, technology theft, and system shutdowns. Although the current focus of the U.S.–Republic of Korea (ROK) joint cyber working group is on North Korea–sponsored cyber-enabled financial crime efforts, Washington and Seoul should consider future research that includes cyber threats from other state-sponsored actors.

  1. “United States–Republic of Korea Leaders’ Joint Statement,” The White House, press release, May 21, 2022,; “U.S.-ROK Leaders’ Joint Statement,” The White House, press release, May 21, 2021,
  2. Jason Bartlett, “Why North Korea Is the Greatest State-Sponsored Threat to the Financial Services Sector,” Korea on Point by the Sejong Institute, June 27, 2022,; Olga Kharif, Sidhartha Shukla, and Bloomberg, “Hackers Just Stole $100 Million in Crypto from Harmony’s Horizon Bridge,” Fortune, June 24, 2022,


  • Jason Bartlett

    Former Research Associate, Energy, Economics, and Security Program

    Jason Bartlett is a former Research Associate for the Energy, Economics, and Security Program at CNAS. He analyzes developments and trends in sanctions policy and evasion tact...

  • Reports
    • April 4, 2024
    Sanctions by The Numbers: The Russian Energy Sector

    Since 2014, the United States, the European Union (EU), and other like-minded nations have targeted the Russian energy sector with increasingly significant coercive economic m...

    By Jocelyn Trainer, Nicholas Lokker, Kristen Taylor & Uliana Certan

  • Commentary
    • Sharper
    • March 20, 2024
    Sharper: Regulating Technology

    The pace of technological change presents both immense opportunity for private industry and complex challenges for national security. These technologies, including artificial ...

    By Anna Pederson & Julia Arnold

  • Podcast
    • March 18, 2024
    Can Europe fund its defense ambitions?

    The majority of European members of NATO are not spending as much on defense as they agreed to. But that may change as the European Union considers a move to a "war economy." ...

    By Rachel Ziemba

  • Commentary
    • Barron's
    • March 15, 2024
    A New Approach to Sanctions Is Pushing Up Energy Prices and Crimping Russia’s Revenue

    Heightened U.S. sanctions enforcement has also raised the importance of China as the buyer of last resort for Russia....

    By Rachel Ziemba

View All Reports View All Articles & Multimedia