On April 15, 2020, the US Departments of State, the Treasury, and Homeland Security and the Federal Bureau of Investigation issued an unusual joint advisory regarding North Korea's malign cyber activities.1 The Advisory offers the private sector—including financial institutions and money services businesses—important guidance for designing and implementing appropriate internal controls for anti-money laundering and sanctions compliance to mitigate the risks posed by North Korea's cyber threats.

MULTI-AGENCY ADVISORY AND RECOMMENDATIONS

The agencies describe their Advisory as "a comprehensive resource on the North Korean cyber threat for the international community, network defenders, and the public."2  It comprises four parts.

First, the Advisory highlights the North Korean cyber activities that target the financial sector, specifically noting that North Korea's cyber activities "pose a significant threat to the integrity and stability of the international financial system."3  It describes three key cyber tactics used by North Korea to generate revenue:

  • cyber-enabled financial theft, in which North Korean actors gain access to bank computers or infrastructure or hack cryptocurrency exchanges and users in order to steal funds;
  • extortion campaigns, in which North Korean actors gain access to an entity's computer network and threaten to shut it down unless the entity pays a ransom; and
  • "cryptojacking," in which North Korean actors use an entity's computer(s) to mine digital currencies for the benefit of North Korea.

According to a UN Panel of Experts midterm report cited by the Advisory, as of late 2019, North Korea "has attempted to steal as much as $2 billion through these illicit cyber activities."4  The Advisory further describes how North Korean cyber actors "have also been paid to hack websites and extort targets for third-party clients."5

The Advisory reinforces the understanding that in recent years, North Korea's cyber operations have grown more sophisticated and elusive. A recent report issued by Recorded Future, for example, concluded that "North Korea has developed an internet-based model for circumventing international financial controls and sanctions regimes imposed on it by multinational organizations and the West."6

Second, the Advisory catalogues and describes the malicious cyber operations that the US government has, to date, publicly attributed to North Korea. These include, among others, the November 2014 hack of Sony Pictures, a February 2016 cyberattack on Bangladesh Bank, and the May 2017 WannaCry 2.0 ransomware attack. These incidents highlight the broad array of tactics used by North Korean cyber actors as well as the varied targets of those cyberattacks.

And third, the Advisory "strongly urge[s] governments, industry, civil society, and individuals to take all relevant actions" to combat and mitigate the threats posed by North Korea's cyber activities.7  In addition to raising awareness about the North Korean cyber threat, the US government recommends sharing technical information about North Korean activities both at the national and international levels and between government and the private sector. 

Finally, the Advisory provides two important recommendations for financial institutions, money services businesses, foreign-located digital asset service providers, and other entities subject to US anti-money laundering and sanctions laws, as follows:

  • First, the Advisory recommends that these entities adopt cybersecurity best practices, including network segmentation and maintenance of backup data copies, to protect against the threats. 
  • Second, the Advisory encourages organizations to notify law enforcement of suspected North Korean cyber activities and to cooperate with the US government to identify and seize forfeitable assets.

Unsurprisingly, the Advisory encourages regulated entities to ensure compliance with US anti-money laundering and sanctions requirements, and reiterates the legal consequences of violating US anti-money laundering or sanctions laws, including possible sanctions designations by the Department of the Treasury's Office of Foreign Assets Control (OFAC), the imposition of significant civil monetary penalties, and criminal prosecutions by the Department of Justice. Specifically, it advises regulated entities to "develop[] and maintain[] effective anti-money laundering programs that are reasonably designed to prevent the money services business from being used to facilitate money laundering and the financing of terrorist activities."8 It further reminds regulated entities of their obligations to "identify[] and report[] suspicious transactions, including those conducted, affected, or facilitated by cyber events or illicit finance involving digital assets, in suspicious activity reporting to FinCEN."9

In its annex, the Advisory identifies various resources to counter the identified cyber threat, including tools to buttress cybersecurity defenses provided by the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the US Cyber Command, and additional advisories and administrative guidance published by the Department of the Treasury to support financial crimes compliance.

The Advisory signals the US government's ongoing effort to defend the United States from the cyber threats emanating from North Korea. And importantly, it clearly sets out the agencies' expectation that financial institutions and other regulated entities maintain robust internal controls in connection with not only financial crimes compliance but also cybersecurity. Any regulated financial institution that fails to assess its exposure to North Korean cyber-enabled financial crime and subsequently finds itself ensnared in malicious cyber activity perpetrated by North Korea may be at risk not only for financial loss but also for a US government enforcement action. WilmerHale is prepared to advise clients on assessing the North Korea cyber threat and the adequacy of their internal controls to defend themselves from it. 

Footnotes

1 DPRK Cyber Threat Advisory (April 15, 2020) ["Advisory"], https://www.treasury.gov/resource-center/sanctions/Programs/Documents/dprk_cyber_threat_advisory_20200415.pdf.

2 Id. at 1; see also id., Annex 1.

3 Id.

4 Id. at 2.

5 Id.

6 Insikt Group, How North Korea Revolutionized the Internet as a Tool for Rogue Regimes, RECORDED FUTURE, https://go.recordedfuture.com/hubfs/reports/cta-2020-0209.pdf.

7 Advisory, supra note 1, at 5.

8 Id.

9 Id.

Originally Published 20 April, 2020
