The US government is willing to pay up to $5 million for information on North Korea’s hackers and their ongoing hacking operations.
The reward for reporting North Korean hackers was announced today in a joint report published by the Departments of State, Treasury, Homeland Security, and the Federal Bureau of Investigation. The joint report contains a summary of North Korea’s recent cyber operations and is based on a UN Security Council report published last year that details the country’s tactic of using hackers to raise funds for the Pyongyang regime, as a novel way to bypass international sanctions.
Observed tactics include:
- Attacks and thefts from banks and other financial entities
- Attacks and thefts from cryptocurrency exchanges
- Cryptojacking operations — where North Korean hackers compromise servers worldwide to mine cryptocurrency
- Various types of extortion campaigns, such as:
- – Compromising an entity’s network and threatening to shut it down unless the victim pays a ransom
- – Getting paid to hack websites on behalf of third-party clients, and then extorting the targets
- – Charging victims “long-term paid consulting arrangements” in order to prevent future attacks
US officials say a lot of these attacks have targeted the financial sector, from where North Korean hackers have stolen funds in excess of $2 billion, which have been laundered back into the hermit kingdom. The US says these hacks are now posing “a significant threat to the integrity and stability of the international financial system.”
The US government also issued a stern warning to companies that may be engaging with North Korean entities and might be, directly or indirectly, helping North Korean hackers launder stolen funds. Consequences include sanctions and seizure of funds and assets, officials said.