Four U.S. federal agencies on Wednesday jointly issued an advisory that warns of ongoing North Korea-sponsored cyberthreat operations, and offers a reward of up to $5 million for information on such operations.
The communication, issued by the State Department, the Department of Homeland Security, the Treasury Department and the FBI, details the Democratic People’s Republic of Korea's (DPRK) recent efforts to target the financial sector with malicious cyber activity. This includes cyber-enabled financial theft and money laundering, cryptojacking and extortion campaigns whereby threat actors disrupt a victim's systems and demand payment to restore proper functionality.
The advisory also reiterates past accusations that the DPRK is responsible for the Sony Pictures data breach, an $81 million cyber heist victimizing the central bank of Bangladesh and the worldwide spread of WannaCry 2.0 ransomware.
According to widespread reports from government agencies and independent cyber experts, North Korea is behind the activities of a group widely known as Hidden Cobra, or Lazarus.
"The DPRK's malicious cyber activities threaten the United States and the broader international community and, in particular, pose a significant threat to the integrity and stability of the international financial system," the advisory states. "Under the pressure of robust U.S. and UN sanctions, the DPRK has increasingly relied on illicit activities – including cybercrime – to generate revenue for its weapons of mass destruction and ballistic missile programs."
"The DPRK also uses cyber capabilities to steal from financial institutions, and has demonstrated a pattern of disruptive and harmful cyber activity that is wholly inconsistent with the growing international consensus on what constitutes responsible State behavior in cyberspace," the report continues.
In their joint advisory, the agencies recommend some basic mitigative actions to reduce the threat of a Hidden Cobra attack. Suggestions include increasing awareness of the DPRK threat, improving the sharing of technical information (nationally and internationally), implementing best practices, notifying law enforcement of incidents, and implementing Financial Action Task Force (FATF) standards on Anti-Money Laundering, Countering the Financing of Terrorism and Counter-Proliferation Financing (CPF) Compliance.
The maximum $5 million reward is made possible via the Department of State’s Rewards for Justice program.