U.S.-ROK Strategy for Enhancing Cooperation on Combating and Deterring Cyber-Enabled Financial Crime

Pyongyang will likely maintain this position as long as the potential gains of cyber operations against financial services are greater than the potential risks and resources needed to conduct these operations. Washington and Seoul must work together to change this reality.

This report compiles the findings of a year-long research project to generate actionable policy recommendations for Washington and Seoul to incorporate within their joint cyber working group to strengthen joint deterrence against state-sponsored cyber-enabled financial crime that continues to target both U.S. and South Korean social, financial, and cyber infrastructure. Based on intensive field research and interviews with U.S. and ROK stakeholders, this report outlines current challenges to enhancing U.S.-ROK cyber coordination, details the evolution of North Korea’s cyber program and modern-day threats, provides policy recommendations for the joint cyber working group, and includes an appendix with all relevant U.S. and ROK agencies that can contribute valuable expertise to the group.

Main Takeaways

• North Korea began developing a cyber program in the mid-1980s that was supported by both domestic innovation and foreign assistance.
• Starting in the late 2000s, Pyongyang launched offensive cyber operations against South Korean government agencies, businesses, research organizations, traditional financial institutions, North Korean defectors who had resettled, and ordinary South Korean citizens for mostly politically motivated reasons.
• North Korean cybercrime significantly evolved between 2015 and 2016, with a rapid increase in cyber operations targeting both traditional and non-traditional financial institutions and technology such as cryptocurrency, blockchain, and later, decentralized finance platforms.
• Washington and Seoul possess different, but complementary, expertise and capabilities related to curbing cyber-enabled financial crime that should be considered within the joint U.S.-ROK cyber working group revitalized during the May 2022 U.S.-ROK Summit.
• Key bureaucratic and logistical differences exist between Washington and Seoul regarding how they perceive and respond to North Korea–related threats that have prevented enhanced cooperation, including:
  • Political oscillation in Seoul pertaining to North Korean policy;
  • Discrepancies in U.S. and ROK government perception and resource allocation toward certain state-sponsored cyber threats;
  • Difficulties in properly identifying U.S.-ROK government agency counterparts.

Summary of Recommendations

The following policy recommendations seek to offer guidance to the joint U.S.-ROK cyber working group to enhance bilateral cooperation on combating and deterring cyber-enabled financial crime, with specific emphasis on state-sponsored cybercrime from actors such as North Korea. Washington and Seoul should:

1. Establish a research agenda for the U.S.-ROK cyber working group to identify exploitable vulnerabilities in state-sponsored cybercrime strategy, with an initial focus on North Korea.
2. Identify specific representatives from relevant U.S. and ROK government agencies to participate in the joint cyber working group. This will improve routine information sharing and joint investigations.
3. Consider the joint cyber working group as a U.S.-ROK partnership to protect against any state-sponsored cyber-enabled financial crime operations.
4. Issue a joint advisory guidance document on potential cybersecurity and financial risks related to social engineering hacks. This will build trust and rapport with the private sector while attempting to stymie cyber-enabled financial crime tactics.
5. Organize an external advisory team of leading U.S. and ROK nongovernment researchers and private sector analysts who work on issues pertaining to the agenda of the joint working group and can offer outside assistance and advice.

Introduction

The United States and South Korean governments have developed significantly different approaches to address state-sponsored cyber-enabled financial crime with specific regard to North Korea. Actors such as North Korea have rapidly adopted cryptocurrency and related financial technology as an increasingly preferred tool to facilitate cyber-enabled financial crime, and this development has highlighted the need for enhanced cooperation between Washington and Seoul. Given Pyongyang’s national priority to evade economic sanctions and expand its nuclear weapons arsenal, this massive influx of currency into North Korea raises significant security concerns for both the United States and South Korea.

While a rapidly growing number of illicit North Korean cyber activity targets the financial sector, other cybercrime state sponsors, including China and Russia, present different cybersecurity risks to the United States and South Korea, as they often target government agencies and infrastructure for information espionage, technology theft, and system shutdowns. Although the current focus of the U.S.–Republic of Korea (ROK) joint cyber working group is on North Korea–sponsored cyber-enabled financial crime efforts, Washington and Seoul should consider future research that includes cyber threats from other state-sponsored actors.