North Korea Steals More Cryptocurrency in 2022 Than Ever Before

North Korea stole more cryptocurrency assets in 2022 than any other year, according to a confidential United Nations report obtained by Reuters. The report reveals that North Korea targeted the networks of foreign aerospace and defense companies using sophisticated cyber techniques.

The U.N. sanctions monitors submitted the report to the U.N. Security Council committee on Friday, highlighting that a higher value of cryptocurrency assets was stolen by North Korea in 2022 compared to previous years.

The report cites information from U.N. member states and cybersecurity firms, with estimates ranging from $630 million to over $1 billion in stolen virtual assets. The monitors have previously accused North Korea of using cyberattacks to fund its nuclear and missile programs, allegations that North Korea has denied.

The U.N. report on North Korea’s theft of cryptocurrency assets in 2022 has concluded that the nation used more advanced techniques to gain access to digital finance networks and steal valuable information. This includes information potentially relevant to its weapons programs. The U.N. report cites information from U.N. member states and cybersecurity firms, with South Korea estimating a loss of $630 million in virtual assets, while a cybersecurity firm calculated a theft of cryptocurrencies worth over $1 billion in 2022. A U.S. blockchain analytics firm recently arrived at a similar conclusion.

What is the ultimate objective here? The report will be made publicly available later this month or early next month and states that tracking stolen funds has become more challenging due to the increasing sophistication of cyberthreat actors.

Most of the cyber attacks were executed by groups controlled by North Korea’s Reconnaissance General Bureau and included hacking teams named Kimsuky, Lazarus Group, and Andariel. The report highlights that these actors targeted individuals for extortion and to gather information of value to the North Korean government, including its weapons programs.

The U.N. report also mentions that the groups used various tactics including phishing and deploying malware, often making initial contact via LinkedIn and then delivering malicious payloads via continued communications on WhatsApp.

A North Korean-linked group known as HOlyGhOst reportedly extorted ransoms from small and medium-sized companies in several countries by distributing ransomware. The U.N. sanctions monitors had previously reported that North Korea had generated approximately $2 billion over several years for its weapons of mass destruction programs through widespread and sophisticated cyberattacks.