In fact, the picture is more complex.
North Korea is engaged in a daily cyberconflict with the United States and South Korea, which included an effort by the Obama administration to sabotage the North’s missile launches. And as sanctions have tightened and Pyongyang’s efforts to counterfeit $100 bills proved less successful, the North has turned to its hackers as a revenue source — often with considerable success.
Many of the activities cited in the joint report were familiar: the 2014 attack on Sony Pictures Entertainment in retaliation for the release of the comedy “The Interview,” which brought down 70 percent of Sony’s computer systems, and WannaCry 2.0, ransomware that wiped out the British health service’s computer networks in 2017. It recited the story of the North Korean-engineered effort to steal $1 billion from the Bangladesh central bank, an attack that yielded only $81 million after an alert official at the New York Federal Reserve stopped the transfers.
It also cited the “FASTCash campaign,” which has successfully taken control of A.T.M.s in Asia and Africa to get them to spew out money, in one case in 30 nations simultaneously. And it examined several efforts to hack into digital currency exchanges, which was part of a study published this year by Recorded Future. The study concluded that North Korea’s use of the internet has surged 300 percent, partly because of a new connection to the global internet through Russia. Until recently, the North had a single pipeline, via China.
While many of the details were old news to cybersecurity researchers and security engineers, there was one important new detail in the report: North Korea’s hackers are now offering their services to other cybercriminals and nation-state hackers for a fee.
“They’ve become hackers for hire,” said John Hultquist, the senior director of intelligence analysis at FireEye, a cybersecurity company. “We never knew that, and what it shows is the level to which North Korean hackers are maximizing their cybercapabilities.”
The report makes clear that North Korea’s hackers are squeezing all possible revenue from cyberattacks. Ever since the attack on Sony Pictures in 2014, when Americans got their first glimpse into the country’s hacking prowess, the North’s army of more than 6,000 hackers has been on a rampage, penetrating banks, extorting hospitals with ransomware and hitting up the exchanges that trade in digital currencies like Bitcoin and Monero for cash.
Yet their record of success is mixed. When North Korean hackers hijacked hundreds of thousands of computers all over the globe with ransomware in 2017, they neglected to give their victims a way to send the Bitcoins they demanded to unlock their data. Since then, the hackers have popped up repeatedly in attacks on cryptocurrency exchanges. In April 2018, they stole nearly $250 million worth of digital currency and laundered it through other automated currency exchanges. Last month, the Justice Department indicted and the Treasury Department imposed sanctions on two Chinese nationals it accused of laundering $100 million in cryptocurrency on behalf of North Korea’s hackers.