North Korea’s internet usage has quadrupled since 2017, a new report claims, reflecting attempts to generate illegal income following US sanctions.
According to Recorded Future, North Korea has been stealing and mining cryptocurrencies, stealing from banks and carrying out low-level financial crime. It has hit financial organizations and cryptocurrency exchanges in at least 35 countries, say the researchers, raising up to $2 billion.
“For the North Korean political and military elite, the 2019 data show that the internet is not simply a fascination or leisure activity, but is a critical tool for revenue generation, gaining access to prohibited technologies and knowledge, and operational coordination,” the researchers write.
“Further, we assess that North Korea has developed an internet-based model for circumventing international financial controls and sanctions regimes imposed on it by multinational organizations and the West.”
The increased traffic has been made possible by increasing use of the Russian-routed TransTelekom infrastructure and of some of North Korea’s previously unresolved IP space, along with the introduction of new mail servers, FTP servers and DNS name servers.
The researchers also claim that North Korea has created its own unique virtual private network (VPN) by exploiting domain name service (DNS).
“This VPN uses a technique called DNS tunneling, which refers to when the DNS process is used not for a domain resolution, but to transfer data or tunnel inside of a closed network,” they say.
“We assess that this technique could be used by North Korean users to exfiltrate data from the networks of unsuspecting targets, or as a means of circumventing government-imposed content controls.”
And with the country having recently improved the accessibility of its four state-run insurers, they suggest that there may be plans to ramp up insurance fraud.
Meanwhile, there’s been a ten-fold increase in Monero mining from North Korean IP ranges since May 2019, probably thanks to the cryptocurrency’s anonymity and low processing power requirements.
The research coincides with a new report from the US National Counterintelligence and Security Center (NCSC) which found North Korea to be one of the most active threat actors targeting the US.
The main targets, it says, are critical infrastructure, key supply chains, the U.S. economy, American democratic institutions and cyber and technical operations.
North Korean targets have included Sony, hacked in 2014; several banks; and Windows machines around the world, hit by the WannaCry malware in 2017.
“At its most basic, North Korea has developed a model that leverages the internet as a mechanism for sanctions circumvention that is distinctive, but not exceptional,” the Recorded Future researchers warn.
“This model is unique but repeatable, and most concerningly can serve as an example for other financially isolated nations, such as Venezuela, Iran, or Syria, for how to use the internet to circumvent sanctions.”