Recent estimates suggest that North Korea has amassed approximately $3 billion through a series of ransomware attacks targeting businesses and other cyber-attacks on cryptocurrency trading platforms. These illicit gains are believed to be directed towards supporting Kim Jong Un’s nuclear ambitions.
A UN report, corroborated by Reuters News Agency, indicates that the Democratic People’s Republic of Korea has engaged in the theft of cryptocurrency and proceeds from ransom payments, channeling these funds into the development of its nuclear infrastructure.
Under mounting sanctions from nations like the UK and the USA, the North Korean regime appears to be intensifying its cyber warfare efforts. It is projected to expand its range of attack vectors in order to double its earnings over the next two years, with purported agreements in place with nations led by Putin and Xi Jinping.
In response to these revelations, the UK’s GCHQ arm, NCSC, has issued a cautionary advisory to Western nations, urging them to reinforce their critical infrastructure. Concerns have been raised regarding espionage activities, such as the planting of malware (as seen in the Volt Typhoon campaign) within critical infrastructure components supplied by certain Asian nations, notably China. This infiltration reportedly dates back to 2017, during Boris Johnson’s tenure as Prime Minister.
Additionally, the US law enforcement, under the leadership of President Joe Biden, has intensified its pursuit of the Hive Ransomware group. The State Department has recently announced a formal reward of up to $10 million for individuals providing actionable intelligence on key leaders associated with the Hive Ransomware operations.
Although the FBI had partially dismantled Hive’s computer network in July 2022, the criminal group managed to resume its activities from October 2023 on-wards, targeting victims across more than 80 countries. The FBI aims to disrupt these operations and is offering substantial rewards for information leading to the apprehension of the perpetrators, ensuring anonymity and confidentiality for informants.
In a separate development, Hyundai Motors Europe has fallen prey to the BlackBasta Ransomware group. Reports indicate that the attack occurred in January of this year, marking a disturbing trend for the automotive giant. This isn’t the first time Hyundai has faced such a threat; back in April 2023, the company endured a similar incident when a notorious criminal gang claimed responsibility for a hack involving spyware. Further details regarding the recent cyber-attack on Hyundai’s operations are expected to emerge soon, shedding light on the extent of the breach and its potential impacts.