The May 2022 U.S.-ROK Summit between President Joe Biden and President Yoon Suk-yeol revitalized previous bilateral commitments to establish a joint cyber working group to address the growing issue of cyber-enabled financial crime with specific emphasis on cryptocurrency, blockchain technology, and illicit North Korean cyber activity.[1] This report provides specific policy recommendations for Washington and Seoul to incorporate within the cyber working group to enhance cooperation on combating and deterring cyber-enabled financial crime, especially from state-sponsored actors.
North Korea has become the greatest state-sponsored threat to the global financial services sector. From 2021 to June 2022 alone, North Korean cyber operatives and their facilitators stole more than $1 billion (in U.S. currency, as throughout this report unless otherwise indicated) in digital assets through hacking cryptocurrency exchanges and laundering the stolen funds using various financial technologies and obfuscation techniques, including cryptocurrency mixers and foreign over-the-counter brokers.[2]
Pyongyang will likely maintain this position as long as the potential gains of cyber operations against financial services are greater than the potential risks and resources needed to conduct these operations. Washington and Seoul must work together to change this reality.
This report compiles the findings of a year-long research project to generate actionable policy recommendations for Washington and Seoul to incorporate within their joint cyber working group to strengthen joint deterrence against state-sponsored cyber-enabled financial crime that continues to target both U.S. and South Korean social, financial, and cyber infrastructure. Based on intensive field research and interviews with U.S. and ROK stakeholders, this report outlines current challenges to enhancing U.S.-ROK cyber coordination, details the evolution of North Korea’s cyber program and modern-day threats, provides policy recommendations for the joint cyber working group, and includes an appendix with all relevant U.S. and ROK agencies that can contribute valuable expertise to the group.
- North Korea began developing a cyber program in the mid-1980s that was supported by both domestic innovation and foreign assistance.
- Starting in the late 2000s, Pyongyang launched offensive cyber operations against South Korean government agencies, businesses, research organizations, traditional financial institutions, North Korean defectors who had resettled, and ordinary South Korean citizens for mostly politically motivated reasons.
- North Korean cybercrime significantly evolved between 2015 and 2016, with a rapid increase in cyber operations targeting both traditional and non-traditional financial institutions and technology such as cryptocurrency, blockchain, and later, decentralized finance platforms.
- Washington and Seoul possess different, but complementary, expertise and capabilities related to curbing cyber-enabled financial crime that should be considered within the joint U.S.-ROK cyber working group revitalized during the May 2022 U.S.-ROK Summit.
- Key bureaucratic and logistical differences exist between Washington and Seoul regarding how they perceive and respond to North Korea–related threats that have prevented enhanced cooperation, including:
  - Political oscillation in Seoul pertaining to North Korean policy;
  - Discrepancies in U.S. and ROK government perception and resource allocation toward certain state-sponsored cyber threats;
  - Difficulties in properly identifying U.S.-ROK government agency counterparts.
Summary of Recommendations
The following policy recommendations seek to offer guidance to the joint U.S.-ROK cyber working group to enhance bilateral cooperation on combating and deterring cyber-enabled financial crime, with specific emphasis on state-sponsored cybercrime from actors such as North Korea. Washington and Seoul should:
- Establish a research agenda for the U.S.-ROK cyber working group to identify exploitable vulnerabilities in state-sponsored cybercrime strategy, with an initial focus on North Korea.
- Identify specific representatives from relevant U.S. and ROK government agencies to participate in the joint cyber working group. This will improve routine information sharing and joint investigations.
- Consider the joint cyber working group as a U.S.-ROK partnership to protect against any state-sponsored cyber-enabled financial crime operations.
- Issue a joint advisory guidance document on potential cybersecurity and financial risks related to social engineering hacks. This will build trust and rapport with the private sector while attempting to stymie cyber-enabled financial crime tactics.
- Organize an external advisory team of leading U.S. and ROK nongovernment researchers and private sector analysts who work on issues pertaining to the agenda of the joint working group and can offer outside assistance and advice.
The United States and South Korean governments have developed significantly different approaches to address state-sponsored cyber-enabled financial crime with specific regard to North Korea. Actors such as North Korea have rapidly adopted cryptocurrency and related financial technology as an increasingly preferred tool to facilitate cyber-enabled financial crime, and this development has highlighted the need for enhanced cooperation between Washington and Seoul. Given Pyongyang’s national priority to evade economic sanctions and expand its nuclear weapons arsenal, this massive influx of currency into North Korea raises significant security concerns for both the United States and South Korea.
While a rapidly growing amount of illicit North Korean cyber activity targets the financial sector, other cybercrime state sponsors, including China and Russia, present different cybersecurity risks to the United States and South Korea, as they often target government agencies and infrastructure for information espionage, technology theft, and system shutdowns. Although the current focus of the U.S.–Republic of Korea (ROK) joint cyber working group is on North Korea–sponsored cyber-enabled financial crime efforts, Washington and Seoul should consider future research that includes cyber threats from other state-sponsored actors.
1. “United States–Republic of Korea Leaders’ Joint Statement,” The White House, press release, May 21, 2022, https://www.whitehouse.gov/briefing-room/statements-releases/2022/05/21/united-states-republic-of-korea-leaders-joint-statement/; “U.S.-ROK Leaders’ Joint Statement,” The White House, press release, May 21, 2021, https://www.whitehouse.gov/briefing-room/statements-releases/2021/05/21/u-s-rok-leaders-joint-statement/.
2. Jason Bartlett, “Why North Korea Is the Greatest State-Sponsored Threat to the Financial Services Sector,” Korea on Point by the Sejong Institute, June 27, 2022, https://koreaonpoint.org/view.php?topic_idx=30&idx=95; Olga Kharif, Sidhartha Shukla, and Bloomberg, “Hackers Just Stole $100 Million in Crypto from Harmony’s Horizon Bridge,” Fortune, June 24, 2022, https://fortune.com/2022/06/24/hackers-steal-100-million-in-crypto-from-harmony-horizon-bridge-ethereum-binance/.