A spate of hacks and thefts of large sums of money over the last few years have begun to show a penchant for North Korea's hacking unit called the Lazarus Group, to attack the SWIFT banking systems across the globe. These attacks have been leveraged by North Korea to augment their financial situation after sanctions and aggressive moves by the US and other countries in interdicting the Hermit Kingdom's illicit money generating activities.
The most spectacular attack in 2016 was a failed attempt at transferring a large sum of money, which was foiled because the Lazarus team misspelled something in the system process of transfer. A later attack in 2016 was the WanaCry malware campaign that has been linked to the DPRK as well. This attack was in the form of ransomware, a program that encrypts the hard drive of the user who accidentally activated it from a phishing email. This malware was different though from the common type because of NSA code that was leaked by unknown entities calling themselves “The Shadow Brokers” which enabled this ransomware to spread on the network without needing users to help it.
While Wanacry was a failure financially, as was the failed SWIFT attack I mentioned above, the North Koreans have succeeded in stealing millions from banks across the world and this trend will continue and more to the point, will likely escalate as the sanctions the United States approved in September go into effect. Additionally, since the tensions have escalated in recent past with the nuclear ambitions being fulfilled in North Korea, the program will require more money as well. This will allow for the escalation by Kim Jong Un, to open the flood gates on more Lazarus operations within the criminal sphere to include more financial heists.
Having learned from their mistakes, the North Koreans will continue on with their SWIFT attacks on banks and transfer monies as well as potentially use more of the NSA leaked malware code to perhaps create new strains of ransomware that could be leveraged against large swaths of organizations and perhaps countries in gambits like the Sony attack. This however would be more extortion than anything else but if you look at it from the DPRK point of view, what is there to lose?
This all may sound quite Ian Fleming James Bond villain-esque but the reality is that in the world of hacking and crime, this kind of activity is still evolving and now that the nation state of North Korea has opened Pandora's box, there is little to stop them if the goals of sowing chaos and potentially gaining funds have no real blowback. After all, what would happen next if they were tied to another attack on financial systems? More sanctions? The world would be hard pressed to have any kind of norms work on the Hermit Kingdom.
The Chinese have a saying about living in “Interesting Times” and I believe we are about to see those times play out on the world financial stage, as we squeeze the kingdom more and more with sanctions, while they escalate their need for hard cash for nuclear programs and solid control over Un's populace.