June 24, 2021
SALT LAKE CITY – June 24, 2021 — North Korea is successfully pioneering a new model of state-sponsored cybercrime that could create a dangerous blueprint for other rogue states to follow, researchers from Venafi®, the inventor and leading provider of machine identity management, warned today. Venafi’s threat intelligence specialists analyzed publicly available information on North Korean-sponsored cybercriminal groups – such as Lazarus and APT38 – and their methods over the past four years to gain insights into how these groups operate – noting the differences between the actions of threat actors from a rogue state and those that are somewhat confined by international law.
Venafi researchers have concluded that cybercrime has become a primary means of revenue generation for North Korea, helping the state to work outside international sanctions. Some estimates suggest that cybercrime profits for North Korea may amount to as much as $1 billion each year. According to the UN Security Council as much $2 billion is already making its way directly into the nation’s weapons programme. In addition, funds generated by cybercrime support the North Korean economy, countering the impact of economic sanctions. As such, cybercrime is essential to the ongoing survival of the Kim Jong Un dictatorship – a regime that has been accused of widespread human rights abuses and nuclear proliferation, threatening others in the region and the wider global community.
The cybercrime model of North Korea could create a blueprint for other nations to develop similar programs. Without international action, Venafi warns that this could result in escalating cyber guerrilla warfare, putting all nations at significant risk.
“The world needs to start taking this threat more seriously,” said Yana Blachman, threat intelligence specialist at Venafi. “North Korean attacks are often more brazen and reckless than those sponsored by other states because they are not afraid of getting caught – this makes them particularly dangerous. North Korea gives the cybercriminals it sponsors free reign to engage in highly destructive, global attacks, such as the 2017 attacks on Windows users worldwide that used the WannaCry ransomware, which affected more than 200,000 users across at least 150 countries. North Korea is setting an example that other rogue states can follow; states such as Belarus and even Myanmar can see that cybercrime offers them a way of countering the worst effects of sanctions, while making themselves more of a threat to the wider community.”
North Korea sponsors criminal groups such as Lazarus and APT38 through its military-affiliated ‘Reconnaissance General Bureau’ (RGB). These groups are known to target business and governments worldwide via methods such as ATM cashout schemes, cryptomining and cryptocurrency theft, and even cyber bank heists. For example, the $101 million heist of the Bangladesh Bank via the SWIFT banking system was carried out by North Korea. Several of these attacks are characterised by their use of code signing certificates, which serve as machine identities making it possible for businesses to trust the software they use.
“North Korea’s use of code signing machine identities makes its attacks particularly hard to defend against,” continued Blachman. “Stealing code-signing machine identities equips North Korean cybercriminals with the ability to pass off their own malicious software as legitimate software from a genuine developer. It also enables them to execute devastating supply chain attacks. The problem is that there’s currently not enough awareness and security around the importance of machine identities. This lack of focus allows North Korean cybercriminals to take advantage of a serious blindspot in software supply chain attacks. Without more co-ordination and collaboration among businesses and governments to address the tactics used by North Korean cybercriminals, these threats will only get worse, and other global pariahs will sense their own opportunities.”
For more information, please visit:
https://www.venafi.com/blog/north-korean-cyberattacks-can-inspire-other-rogue-nations
Lorem ipsum dolor sit amet, consectetur elit.
Thank you for subscription
Scroll to the bottom to accept
VENAFI CLOUD SERVICE
*** IMPORTANT ***
PLEASE READ CAREFULLY BEFORE CONTINUING WITH REGISTRATION AND/OR ACTIVATION OF THE VENAFI CLOUD SERVICE (“SERVICE”).
This is a legal agreement between the end user (“You”) and Venafi, Inc. ("Venafi" or “our”). BY ACCEPTING THIS AGREEMENT, EITHER BY CLICKING A BOX INDICATING YOUR ACCEPTANCE AND/OR ACTIVATING AND USING THE VENAFI CLOUD SERVICE FOR WHICH YOU HAVE REGISTERED, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERMS "YOU" OR "YOUR" SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICE.
You shall not access the Service if You are Our competitor or if you are acting as a representative or agent of a competitor, except with Our prior written consent. In addition, You shall not access the Service for purposes of monitoring its availability, performance or functionality, or for any other benchmarking or competitive purposes, and you shall not perform security vulnerability assessments or penetration tests without the express written consent of Venafi.
This Agreement was last updated on April 12, 2017. It is effective between You and Venafi as of the date of Your accepting this Agreement.
The Venafi Cloud Service includes two separate services that are operated by Venafi as software as a service, each of which is separately licensed pursuant to the terms and conditions of this Agreement and each of which is considered a Service under this Agreement: the Venafi Cloud Risk Assessment Service or the Venafi Cloud for DevOps Service. Your right to use either Service is dependent on the Service for which You have registered with Venafi to use.
This License is effective until terminated as set forth herein or the License Term expires and is not otherwise renewed by the parties. Venafi may terminate this Agreement and/or the License at any time with or without written notice to You if You fail to comply with any term or condition of this Agreement or if Venafi ceases to make the Service available to end users. You may terminate this Agreement at any time on written notice to Venafi. Upon any termination or expiration of this Agreement or the License, You agree to cease all use of the Service if the License is not otherwise renewed or reinstated. Upon termination, Venafi may also enforce any rights provided by law. The provisions of this Agreement that protect the proprietary rights of Venafi will continue in force after termination.
This Agreement shall be governed by, and any arbitration hereunder shall apply, the laws of the State of Utah, excluding (a) its conflicts of laws principles; (b) the United Nations Convention on Contracts for the International Sale of Goods; (c) the 1974 Convention on the Limitation Period in the International Sale of Goods; and (d) the Protocol amending the 1974 Convention, done at Vienna April 11, 1980.
In the meantime, please explore more of our solutions
In the meantime, please explore more of our solutions
This site uses cookies to offer you a better experience. If you do not want us to use cookies, please update your browser settings accordingly. Find out more on how we use cookies.