North Korea

The U.S. State Department has increased rewards paid to anyone providing information on any North Korean-sponsored threat groups' members to $10 million.

"If you have information on any individuals associated with the North Korean government-linked malicious cyber groups (such as Andariel, APT38, Bluenoroff, Guardians of Peace, Kimsuky, or Lazarus Group) and who are involved in targeting U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act, you may be eligible for a reward," the Department revealed Tuesday.

These increased bounties add to rewards of up to $5 million announced by the State Department in March for info on DPRK-backed threat actors targeting crypto exchanges and financial institutions worldwide to support the North Korean regime's illicit activities.

One month later, the FBI linked the largest crypto hack ever to two North Korean hacking groups, Lazarus and BlueNorOff (aka APT38), saying they were responsible for the theft of $620 million in Ethereum from Axie Infinity's Ronin network bridge.

Two years ago, in April 2020, the U.S. government issued guidance on North Korean hacking activity in a joint advisory published by the U.S. Department of State, Treasury, Homeland Security, and the FBI.

At the time, the State Department added in a DPRK Cyber Threat Advisory that it would reward any tips on North Korean hackers' cyber activity with up to $5 million if it leads to their identification or location or the disruption of DPRK-related illicit activities.

North Korean malicious activity

Cyber-theft and espionage campaigns targeting financial institutions and digital currency exchanges have been attributed to multiple North Korean hacking groups in the past.

"They develop and deploy a wide range of malware tools around the world to enable these activities and have grown increasingly sophisticated," the State Department said.

As part of their malicious activity, the U.S. government has previously said that Pyongyang-linked hackers have used various tactics to raise revenue illicitly, including cyber-enabled financial theft and money laundering, crypto-jacking campaigns, and extortion operations.

Three Lazarus Group members were charged in the U.S. in February 2021 for stealing $1.3 billion in attacks targeting banks, the entertainment industry, cryptocurrency companies, and other organizations worldwide.

In 2019, the U.S. Treasury Department sanctioned three North Korean hacking groups (Lazarus Group, Bluenoroff, and Andariel) for funneling financial assets they stole in cyberattacks to the North Korean government.

A confidential United Nations report also revealed the same year that North Korean state hackers had stolen an estimated $2 billion in dozens of cyberattacks targeting banks and crypto exchanges worldwide.

Additional information regarding North Korean malicious activity in the form of previous alerts released through the U.S. National Cyber Awareness System is available here.

Related Articles:

US offers up to $15 million for tips on ALPHV ransomware gang

US govt sanctions Iranians linked to government cyberattacks

US State Department investigates alleged theft of government data

New executive order bans mass sale of personal data to China, Russia

DPRK hacking groups breach South Korean defense contractors