US puts $10 million bounty on North Korean cyber-crews

The US is offering up to $10 million for information on members of state-sponsored North Korean threat groups, double the amount that the State Department announced in April.

The agency’s Rewards for Justice program this week said it will cough up the cash for intelligence related to “government-linked cyber activities” in North Korea, including leads on people involved with state-sponsored groups such as Andariel, APT38, BlueNoroff, Guardians of Peace, Kimsuky, and Lazarus Group who are targeting critical infrastructure in the US.

The latest notice is part of a larger ongoing campaign by the State Department and other US government agencies to offer bounties for information regarding cyberattacks from North Korea or other countries against the United States, particularly those involving critical infrastructure – such as power grids and water and food supplies – as well as federal elections.

The $5 million offered in April was for information on North Korean-linked cyberattacks on cryptocurrency exchanges and financial institutions used to support that country’s nuclear and ballistic missile programs and to get around sanctions placed by the United States and other countries. A month later came another $5 million reward for information that could disrupt such North Korean activities as cryptocurrency theft and cyber-espionage campaigns.

Last week the Rewards for Justice program announced another $10 million reward program in conjunction with the FBI for information related to any attacks on US critical infrastructure.

North Korea is ranked among the leading state-sponsored cybercrime countries, along with the likes of Russia, Iran and China. According to a report last year by the German Council on Foreign Relations (DGAP), the country’s cyber activities address three goals – to cause disruption, conduct cyber-espionage, and raise money – and aren’t going anywhere.

“Activities in cyber space exhibit a particularly favorable ratio of benefits, costs and risks,” Elisabeth Shu, research fellow for DGAP’s Security and Defense Program, wrote in the report.

“They facilitate the pursuit and fulfillment of the above-mentioned strategic purposes, without being cost-intensive or particularly risky. While the initial set-up and development of knowhow and trained personnel is time-intensive, maintaining and improving cyber capabilities then requires relatively low levels of material and human resources.”

The US Cybersecurity and Infrastructure Security Agency (CISA) and other agencies – including the FBI, Department of Homeland Security, and the National Security Agency – have been tracking North Korean-linked cybercrime for years. CISA two years ago created a web page dedicated to information about North Korea and its cyber activities.

In addition, the annual threat assessment report last year from the Office of the Director of National Intelligence stated that “North Korea’s cyber program poses a growing espionage, theft, and attack threat. … North Korea has conducted cyber theft against financial institutions and cryptocurrency exchanges worldwide, potentially stealing hundreds of millions of dollars, probably to fund government priorities, such as its nuclear and missile programs.”

CISA – at times in conjunction with other government agencies – has issued about 20 advisories about North Korean cyber efforts since 2017. Most recently in April, the agency warned of cryptocurrency thefts and attacks in the blockchain space by APT38, which includes Lazarus Group, BlueNoroff and Stardust Chollima.

Blockchain analytics firm Chainalysis in a report earlier this year said that North Korean threat groups stole more than $400 million in digital assets in seven attacks in 2021 against investment firms and cryptocurrency exchanges. Another blockchain analytics company, Elliptic, pinned the theft of $100 million from blockchain startup Harmony in June on Lazarus.

The US Treasury in April said Lazarus and BlueNoroff were behind the theft of $540 million from Ronin Bridge, an Ethereum-based network that supports Axie Infinity, a blockchain video game.

In 2021, the US Department of Justice indicted three suspected Lazarus members on charges of stealing $1.3 billion from banks, ATMs, entertainment companies, and crypto businesses. ®