North Korea is turning to cryptocurrency scams to raise money and circumvent sanctions, a new report says.
The biggest change in North Korea’s recent cyber activities has been the exploitation of the cryptocurrency ecosystem, Recorded Future, a threat intelligence firm, said in a report published on Thursday. Cryptocurrencies are decentralized, encrypted digital currencies, such as Bitcoin and they don’t rely on financial intermediaries like banks and governments.
In June, Recorded Future researchers began to notice a large amount of data transfer associated with altcoin currencies – a cryptocurrency other than Bitcoin – and discovered a blockchain scam, called Marine Chain Platform, tied to North Korea, according to the report.
One prominent Marine Chain Platform employee tracked down by researchers was the CEO, a man named Capt. Jonathan Foong Kah Keong.
Foong has been connected to Singaporean companies that have assisted North Korean sanctions circumvention efforts since at least 2013, the report said.
"Cryptocurrencies are highly fluid, volatile, and in many cases, anonymous tools that are used by North Koreans to circumvent international identification and financial controls," Priscilla Moriuchi, director of strategic threat development at Recorded Future and author of the report, told Fox News in an email.
This can make it impossible to track the coins to an end recipient. Monero is one example of a cryptocurrency used by North Korea.
The North Koreans may also be using an anonymous cryptocurrency tool called a mixer, Moriuchi said. A mixer divides each transaction up into thousands of separate transactions each of very tiny amounts of the currency.
"A mixer is basically a legal money launderer," she said.
"North Korea has been working for decades to circumvent international financial controls and sanctions through drug trafficking, illegal arms sales, shipping, counterfeiting [and other activities]. But this is the first time we have demonstrated that the two networks, the virtual one that works to raise revenue through online operations and the physical one, have converged," she said in an email.
Moreover, these kinds of cryptocurrency scams fit the description of low-level financial crime described by defectors, the report added. And it fits with North Korea’s playbook for raising money.
“North Korea uses its military, intelligence service, diplomatic establishments, and overseas citizens as a vast criminal enterprise. Each is tasked with supporting the Kim regime by innovating and conducting revenue-generating schemes and sending that money back to North Korea,” Moriuchi added.
North Koreans active in China
The report also addresses the internet activity of North Koreans in China, especially in the Chinese academic sector. There are a handful of universities that Recorded Future assesses “with moderate confidence” host, or have hosted, North Korean students, teachers, or partners.
The universities mentioned include Shanghai Jiaotong University, Jiangxi Normal University, Tsinghua University and a host of others.
“There is an increasing amount of evidence that North Korean cyber operators are trained at a basic level domestically, then sent overseas to obtain further education,” Recorded Future’s Moriuchi said.
“Defector testimonies and our own data indicate that China and India are two countries that may be used by North Koreans to obtain additional computer science training and where North Koreans may actually conduct cyber operations from,” Moriuchi added.