F20221125092229962.pdf (556 KB)

The INSS report describes North Korea’s shift since the mid-2010s toward financially motivated cyber operations against banks, cryptocurrency exchanges, wallets, and related services to generate foreign currency under sanctions. It cites ransomware, bank drops, DDoS, supply-chain intrusions, spear phishing, Monero mining, repeated Bithumb and other Korean exchange thefts, and the March 2022 Axie Infinity/Ronin incident as representative activity linked to Lazarus or North Korean operators. The report frames U.S. responses as a mix of sanctions, dedicated cybercrime units, warnings and public reporting, counter-hacking to recover stolen funds, reward programs, and international cooperation on ransomware and anti-money-laundering controls.