www.politico.com
Open in
urlscan Pro
2606:4700:4400::ac40:9205
Public Scan
URL:
https://www.politico.com/news/2023/12/21/north-korea-missiles-program-hackers-00132871
Submission: On December 23 via manual from US — Scanned from US
Submission: On December 23 via manual from US — Scanned from US
Form analysis 2 forms found in the DOM
GET https://www.politico.com/search
<form class="slide-search__form" action="https://www.politico.com/search" method="get">
<input class="slide-search__input" type="search" name="q" id="searchTerm" aria-label="Search for any story" placeholder="Enter search term...">
<button class="slide-search__run" type="submit" aria-label="Start search"><b class="bt-icon bt-icon--search"></b><span class="icon-text">Search</span></button>
<button class="slide-search__close" id="search-close" type="button"><b class="bt-icon bt-icon--close" aria-label="Close Search"></b></button>
</form><form class="form-section">
<input type="hidden" name="subscribeId" value="0000014f-1646-d88f-a1cf-5f46b7bd0000">
<input type="hidden" name="processorId" value="00000179-61ab-d60d-a9f9-f5bf392e0000">
<input type="hidden" name="validateEmail" value="true">
<input type="hidden" name="enhancedSignUp" value="true">
<input type="hidden" name="bot-field" value="" class="dn">
<input type="hidden" name="subscriptionModule" value="newsletter_inline_standard_Playbook - POLITICO" class="dn">
<input type="hidden" name="captchaUserToken" value="" autocomplete="off">
<input type="hidden" name="captchaPublicKey" value="6LfS6L8UAAAAAAHCPhd7CF66ZbK8AyFfk3MslbKV" autocomplete="off">
<div class="sign-up-21--msg sign-up-21--msg-spinner" aria-hidden="true">
<div class="msg-content">
<p>Loading</p>
<svg class="sign-up-21--msg-icon-lg sign-up-21--spinner-icon-lg" xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 24 24" fill="none" stroke="#4D8AD2" stroke-width="1" stroke-linecap="round" stroke-linejoin="round">
<line x1="12" y1="2" x2="12" y2="6"></line>
<line x1="12" y1="18" x2="12" y2="22"></line>
<line x1="4.93" y1="4.93" x2="7.76" y2="7.76"></line>
<line x1="16.24" y1="16.24" x2="19.07" y2="19.07"></line>
<line x1="2" y1="12" x2="6" y2="12"></line>
<line x1="18" y1="12" x2="22" y2="12"></line>
<line x1="4.93" y1="19.07" x2="7.76" y2="16.24"></line>
<line x1="16.24" y1="7.76" x2="19.07" y2="4.93"></line>
</svg>
</div>
</div>
<div class="sign-up-21--msg sign-up-21--msg-completed" aria-live="assertive" aria-hidden="true">
<div class="msg-content">
<p>You will now start receiving email updates</p>
<svg class="sign-up-21--msg-icon-lg" width="48" height="48" viewBox="0 0 48 48" fill="none" xmlns="http://www.w3.org/2000/svg">
<path
d="M44 22.1597V23.9997C43.9975 28.3126 42.601 32.5091 40.0187 35.9634C37.4363 39.4177 33.8066 41.9447 29.6707 43.1675C25.5349 44.3904 21.1145 44.2435 17.0689 42.7489C13.0234 41.2543 9.56931 38.4919 7.22192 34.8739C4.87453 31.2558 3.75958 26.9759 4.04335 22.6724C4.32712 18.3689 5.99441 14.2724 8.79656 10.9939C11.5987 7.71537 15.3856 5.43049 19.5924 4.48002C23.7992 3.52955 28.2005 3.9644 32.14 5.71973"
stroke="#4D8AD2" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
<path d="M44 8L24 28.02L18 22.02" stroke="#4D8AD2" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
</svg>
</div>
</div>
<div class="sign-up-21--msg sign-up-21--msg-already-subscribed" aria-live="assertive" aria-hidden="true">
<div class="msg-content">
<p>You are already subscribed</p>
<svg class="sign-up-21--msg-icon-lg" xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="1" stroke-linecap="round" stroke-linejoin="round">
<path d="M14 9V5a3 3 0 0 0-3-3l-4 9v11h11.28a2 2 0 0 0 2-1.7l1.38-9a2 2 0 0 0-2-2.3zM7 22H4a2 2 0 0 1-2-2v-7a2 2 0 0 1 2-2h3"></path>
</svg>
<a href="/newsletters" target="_top"></a>
</div>
</div>
<div class="sign-up-21--msg sign-up-21--msg-error" aria-live="assertive" aria-hidden="true">
<div class="sign-up-21--msg-close">
<svg width="20" height="20" viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg">
<path id="close" fill-rule="evenodd" clip-rule="evenodd"
d="M17.513 16.6291L10.8839 9.99995L17.513 3.37082L16.6291 2.48694L10 9.11606L3.37088 2.48694L2.487 3.37082L9.11613 9.99995L2.487 16.6291L3.37088 17.513L10 10.8838L16.6291 17.513L17.513 16.6291Z" fill="#000"></path>
</svg>
</div>
<div class="msg-content">
<p style="color:#9E352C">Something went wrong</p>
</div>
</div>
<fieldset class="form-container active">
<div class="form-row row-email">
<div class="form-row-container">
<label class="data-form-label" for="email" aria-hidden="true">Email</label>
<span class="sign-up-21--error-msg" aria-hidden="true">
<span class="sign-up-21--exclamation">!</span>
<span id="email-hint">Please make sure that the email address you typed in is valid</span>
</span>
<div class="form-row-container--input">
<input type="email" name="subscribeEmail" aria-label="Email" placeholder="Your Email" required="">
</div>
</div>
</div>
<div class="form-row row-secondary-questions active">
<div class="sign-up-21--secondary-questions-container">
<div class="form-row-container">
<label class="data-form-label" aria-hidden="true">Employer</label>
<div class="form-row-container--input">
<input type="text" name="job_employer" required="" aria-label="Employer" placeholder="Employer">
</div>
</div>
<div class="form-row-container">
<label class="data-form-label" aria-hidden="true">Job Title</label>
<div class="form-row-container--input">
<input type="text" name="job_title" required="" aria-label="Job Title" placeholder="Job Title">
</div>
</div>
</div>
</div>
<div class="form-row row-notice">
<span class="sign-up-21--notice">
<span class="color-red">*</span> All fields must be completed to subscribe. </span>
<button type="submit" class="submit-button" aria-disabled="true">Sign Up</button>
</div>
<div class="row-bottom">
<p class="form-policy"> By signing up, you acknowledge and agree to our <a href="https://www.politico.com/privacy" target="_blank">Privacy Policy</a> and <a href="https://www.politico.com/terms-of-service" target="_blank">Terms of Service</a>.
You may unsubscribe at any time by following the directions at the bottom of the email or by <a href="https://www.politico.com/feedback" target="_blank">contacting us here</a>. This site is protected by reCAPTCHA and the Google
<a href="https://policies.google.com/privacy" target="_blank">Privacy Policy</a> and <a href="https://policies.google.com/terms" target="_blank">Terms of Service</a> apply. </p>
<button type="submit" class="submit-button" aria-disabled="true"> Sign Up </button>
</div>
</fieldset>
</form>Text Content
Skip to Main Content
POLITICO POLITICO LOGO
* Congress
* Pro
* E&E News
* Search
Search
WASHINGTON & POLITICS
* Congress
* White House
* Elections
* Legal
* Magazine
* Foreign Affairs
2024 ELECTIONS
* News
* Results
* GOP Candidate Tracker
STATE POLITICS & POLICY
* California
* Florida
* New Jersey
* New York
GLOBAL POLITICS & POLICY
* Brussels
* Canada
* United Kingdom
POLICY NEWS
* Agriculture
* Cannabis
* Cybersecurity
* Defense
* Education
* Energy & Environment
* Finance & Tax
* Health Care
* Immigration
* Labor
* Sustainability
* Technology
* Trade
* Transportation
NEWSLETTERS
* Playbook
* Playbook PM
* West Wing Playbook
* POLITICO Nightly
* POLITICO Weekend
* The Recast
* Huddle
* All Newsletters
COLUMNISTS
* Alex Burns
* John Harris
* Jonathan Martin
* Michael Schaffer
* Jack Shafer
* Rich Lowry
SERIES & MORE
* Breaking News Alerts
* Podcasts
* Video
* The Fifty
* Women Rule
* Matt Wuerker Cartoons
* Cartoon Carousel
POLITICO LIVE
* Upcoming Events
* Previous Events
FOLLOW US
* Twitter
* Instagram
* Facebook
* My Account
* Log In Log Out
Cybersecurity
TO STEM NORTH KOREA’S MISSILES PROGRAM, WHITE HOUSE LOOKS TO ITS HACKERS
The Biden administration is doing more to counter North Korean hackers amid
concerns their cryptocurrency heists are powering the country’s weapons
programs.
A February 2023 broadcast shows an image of a North Korean military parade held
in Pyongyang. The Biden administration believes cryptocurrency heists have
become a lifeline for the regime's weapons program. | Jung Yeon-Je/AFP via Getty
Images
By John Sakellariadis
12/22/2023 05:00 AM EST
*
*
* * Link Copied
* *
*
*
The Biden administration has spent much of the last two years bracing key U.S.
networks and infrastructure against crippling cyberattacks from Russia, Iran and
China.
But it is following a different playbook as it ramps up its efforts to thwart
digital threats from North Korea: Follow the crypto — and stop it.
Convinced North Korea primarily sees hacking as a way to funnel money back to
the cash-strapped Kim Jong Un regime, the White House has focused on blocking
the country’s ability to launder the cryptocurrency it steals through its
cyberattacks.
In the last year, the administration has unveiled a flurry of sanctions against
North Korean hacking groups, front companies and IT workers, and blacklisted
multiple cryptocurrency services they use to launder stolen funds. Earlier this
month, national security adviser Jake Sullivan announced a new partnership with
Japan and South Korea aimed at cracking down on Pyongyang’s crypto bonanza —
thereby choking off money to its nuclear and conventional weapons programs.
“In countering North Korean cyber operations, our first priority has been
focusing on their crypto heists,” Anne Neuberger, the National Security
Council’s top cybersecurity official, said in an interview.
The stepped-up effort to blunt North Korea’s cyber operations is fueled by
growing alarm about where the fruits of those attacks are going, Neuberger said.
Hacking, she argued, has enabled North Korea to “either evade sanctions or evade
the steps the international community has taken to target their weapons
proliferation … their missile regime, and the growth in the number of launches
we’ve seen.”
Poor regulation and shoddy security in the fast-growing cryptocurrency industry,
which is dominated by start-ups, make it an easy target for Pyongyang’s hackers.
Because of crypto’s inbuilt privacy features and the fact that it can be sent
across borders at the click of a mousepad, it also offers a powerful tool to
circumvent sanctions.
North Korea has conducted roughly 100 ballistic missile tests in the last year,
and it staged its first intercontinental ballistic missile test in five months
on Monday. Between November and August, it also exported more than a million
artillery shells to Russia, according to South Korean intelligence services.
U.S. officials increasingly believe the key to slowing that type of activity
lies at the intersection of hacking and cryptocurrency.
Last year, Pyongyang-linked hackers stole roughly $1.7 billion worth of digital
money, according to estimates from cryptocurrency tracing firm Chainalysis.
And in May, Neuberger estimated that about half of North Korea’s missile program
is funded by cyberattacks and cryptocurrency theft.
North Korean hackers “directly fund” North Korea’s weapons of mass destruction
and ballistic missile programs, said State Department spokesperson Vedant Patel.
Until recently, North Korea’s cyber prowess has garnered relatively little
attention in Washington. Fear of digital strikes spilling over from the
conflicts in Ukraine and Gaza, or during a possible Chinese invasion of Taiwan,
has overshadowed the issue, experts say.
Cybersecurity
How hackers piled onto the Israeli-Hamas conflict
By Antoaneta Roussi and Maggie Miller | October 15, 2023 12:00 PM
“People tend to think, … how could the quote-unquote ‘Hermit Kingdom’ possibly
be a serious player from a cyber perspective?” Adam Meyers, a senior vice
president at cybersecurity firm CrowdStrike, said in an interview. “But the
reality couldn’t be further from the truth.”
Pyongyang’s hackers have repeatedly caught Western companies off-guard with
their technical ingenuity, an ability to blend old-fashioned spy tricks with
cyber operations and sheer brazenness, according to private sector researchers.
And while those who study North Korean cyber operations say their proficiency at
stealing cryptocurrency represents a major challenge to the West today, they
also argue it would be dangerous to pigeonhole Pyongyang as little more than a
money-stealing threat.
By some metrics, North Korea has launched more than a dozen supply-chain attacks
in the last year — a sophisticated tactic in which hackers compromise the
software delivery pipeline to get nearly unfettered access to a wide range of
companies.
The significance of those attacks has been “extremely underplayed in the
public,” said Tom Hegel, a threat researcher at cybersecurity firm SentinelOne,
because they caused little harm outside the direct victims of the attacks —
often individuals or obscure cryptocurrency startups.
But some of the same techniques they’ve honed in targeting those firms could
have been used to cause widespread digital disruption, say cybersecurity
experts.
In April, researchers at cybersecurity firm Mandiant uncovered that North Korean
hackers had pulled off the first publicly known instance of a “double” software
supply-chain hack — jumping from one software maker into a second and from there
to the company’s customers.
Mandiant assessed the hackers were after cryptocurrency. Had they wanted to,
however, the North Koreans could have used tactics like that to inflict “a
massive level of damage,” said SentinelOne’s Hegel.
What North Korea “is able to do on a global scale, no one has replicated,” added
Mick Baccio, global security adviser at security firm Splunk.
Asked about her level of concern that North Korean hackers had grown more
capable and could pivot to destructive activity, Neuberger acknowledged
Pyongyang’s hackers are “capable, creative and aggressive.”
But she said the White House was confident the North Koreans are focused on
stealing money or intellectual property that could be used for the country’s
weapons programs. She also argued that cutting off the profitability of North
Korea’s hacks is one of the best ways to deter them.
“The goal is to aggressively cut the profitability of the regime’s hacking,” she
said.
North Korea’s proficiency in computer warfare has surprised onlookers for almost
a decade now.
MOST READ
1. ‘YOU NO LONGER REPRESENT US’: NEW JERSEY MUSLIMS MOBILIZE AGAINST LONGTIME
CONGRESSMAN OVER ISRAEL STANCE
2. TRUMP VOWS A PEACEFUL TRANSFER OF POWER IF REELECTED
3. NEWSOM PANS EFFORTS TO BLOCK TRUMP FROM CALIFORNIA BALLOT
4. WHAT TRUMP HAS TO FEAR FROM THE MICHIGAN TAPE
5. IN TRUMP’S UNFOLDING LEGAL DRAMA, ‘THE CAMPAIGN WILL BE CONDUCTED IN A
COURTROOM’
They famously burst onto the public consciousness in 2014, when Pyongyang’s
operatives hacked into Sony Pictures Entertainment and threatened the movie
studio against releasing “The Interview,” a raunchy comedy that portrayed the
assassination of Kim Jong Un. Years later, in 2017, they unleashed a
self-spreading computer virus that is estimated to have caused billions of
dollars in damages in a matter of hours.
But in addition to the growing technical proficiency of North Korean hackers, it
is the volume and variety of their activity that has recently alarmed onlookers.
In the last 18 months, U.S. intelligence agencies have warned that Pyongyang is
targeting think tanks and academics to collect intelligence and staging
ransomware attacks — in which they scramble victims’ data until they pay an
extortion fee — against U.S. healthcare companies.
More recently, the Justice Department, FBI and Treasury Department have also
accused Pyongyang of dispatching thousands of tech workers to Russia and China,
where they secured remote IT jobs with global companies under a false identity,
and then funneled their salaries back to the regime.
In one recent case that received little attention outside the region, North
Korean hackers conspired with insiders at a South Korean data recovery company
to bilk millions from unwitting victims of Pyongyang’s attacks.
Just a fraction of that money appears to have found its way back to Pyongyang,
according to South Korean law enforcement. But the scheme dated back to 2017 and
involved a variant of ransomware that was not previously linked to Pyongyang.
The case speaks to how creative the country has gotten at finding ways to avoid
scrutiny and skirt international sanctions, said Erin Plante, vice president of
investigations at Chainalysis.
“It shows that they’re always thinking outside the box, evolving and keeping up
with the news in the same way we do, which is a little bit scary,” she said.
Michael Barnhart, a North Korea expert at cybersecurity firm Mandiant, said the
scheme was reminiscent of several other operations the country’s hacking forces
have pulled off in recent memory — some of which are not yet public.
The common theme, he argued, was how adept Pyongyang has become at mixing cyber
operations with more traditional spying and money laundering tactics.
“This is a very, very well-organized criminal family,” he said.
* Filed under:
* White House,
* Cyber Security,
* North Korea,
* Foreign Affairs,
* Hacking,
* Cyberattack
POLITICO
*
*
* * Link Copied
* *
*
*
PLAYBOOK
The unofficial guide to official Washington, every morning and weekday
afternoons.
Playbook
The unofficial guide to official Washington, every morning and weekday
afternoons.
By signing up, you acknowledge and agree to our Privacy Policy and Terms of
Service. You may unsubscribe at any time by following the directions at the
bottom of the email or by contacting us here. This site is protected by
reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Loading
You will now start receiving email updates
You are already subscribed
Something went wrong
Email ! Please make sure that the email address you typed in is valid
Employer
Job Title
* All fields must be completed to subscribe. Sign Up
By signing up, you acknowledge and agree to our Privacy Policy and Terms of
Service. You may unsubscribe at any time by following the directions at the
bottom of the email or by contacting us here. This site is protected by
reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Sign Up
Sponsored
Continue watching
How to Increase Sales and Interest by Boosting Your Company's Online Presence
SPONSORED CONTENT
Recommended by
* About Us
* Advertising
* Breaking News Alerts
* Careers
* Credit Card Payments
* Digital Edition
* FAQ
* Feedback
* Headlines
* Photos
* POWERJobs
* Press
* Print Subscriptions
* Request A Correction
* Write For Us
* RSS
* Site Map
* Terms of Service
* Privacy Policy
* Do Not Sell or Share My Personal Information and Opt Out of Targeted
Advertising
© 2023 POLITICO LLC
COOKIE SETTINGS
At this time, only residents from certain U.S. States have the right to opt-out.
To disable cookies, please use your device settings. You can learn more about
our privacy practices by reading our Privacy Policy
COOKIES
FUNCTIONAL COOKIES
Functional Cookies
These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies then some
or all of these services may not function properly.
* STRICTLY NECESSARY COOKIES
Always Active
These cookies are necessary for the website to function and cannot be
switched off in our systems. They are usually only set in response to actions
made by you which amount to a request for services, such as setting your
privacy preferences, logging in or filling in forms. You can set your browser
to block or alert you about these cookies, but some parts of the site will
not then work.
ADVERTISING, ANALYTICS, FUNCTIONAL AND PERFORMANCE COOKIES
Advertising, Analytics, Functional and Performance Cookies
Back Button
COOKIE LIST
Search Icon
Filter Icon
Clear
checkbox label label
Apply Cancel
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label
Confirm My Choices