US Agencies Issue Alert on North Korea Cyber Threat

The advisory highlights the powers US agencies have to subpoena foreign FIs that maintain a correspondent bank account in the US to gain access to customer records stored overseas.

The US Departments of State, the Treasury, and Homeland Security, and the FBI have issued an advisory on the cyber threat posed by North Korea, providing recommended steps to mitigate the threat.

“The DPRK’s malicious cyber activities threaten the United States and the broader international community and, in particular, pose a significant threat to the integrity and stability of the international financial system,” the advisory says.

Under pressure from US and UN sanctions, North Korea has increasingly relied on illicit activities – including cybercrime – to generate revenue for its weapons of mass destruction and ballistic missile programmes, it adds.

> ALSO READ: OFAC Sanctions Two Chinese Nationals Over Stolen Cryptocurrency (4 Mar 2020)

Nicknamed ‘Hidden Cobra’, North Korea’s malicious cyber activities could disrupt US critical infrastructure or be used to steal from financial institutions and digital currency exchanges and launder the funds through multiple jurisdictions, the agencies warn.

“Financial institutions, including money services businesses, should take independent steps to protect against malicious DPRK cyber activities.” These steps include sharing of threat information, segmenting networks to minimise risks, maintaining regular backups of data, and developing cyber incident response plans, among other recommendations.

> ALSO READ: FSB Consults on Cyber Incident Response and Recovery Toolkit (20 Apr 2020)

The advisory also recommends the implementation of the FATF (Financial Action Task Force) standards in individual jurisdictions, to ensure financial institutions employ risk mitigation measures to prevent money laundering and terrorism financing activities.

Foreign financial institutions that knowingly conduct or facilitate transactions with North Korea may lose the ability to maintain a correspondent or payable-through account in the US, among other potential restrictions, and face criminal prosecution if they fail to maintain effective AML programmes or file suspicious transaction reports.

> ALSO READ: OFAC Quietly Blocks Payments with Indirect Links to North Korea – Report (15 Feb 2020)

Notably, the advisory highlights the powers of the Treasury and Attorney General to subpoena a foreign financial institution that maintains a correspondent bank account in the US to gain access to customer records stored overseas.

US financial institutions will be ordered to terminate correspondent banking relationships – with foreign financial institutions that fail to comply with such a subpoena – within ten business days, on threat of daily civil penalties.

According to industry sources, US prosecutors consider a June 2019 District Court decision that upheld the Department of Justice’s power to subpoena information from three Chinese banks with correspondent accounts in the US to be a watershed moment in their efforts to investigate North Korea’s circumvention of US sanctions.

Last Friday (17 April), a UN panel of experts released a report accusing North Korea of violating UN prohibitions on coal exports and restrictions on refined petroleum imports – with the apparent help of China’s shipping industry.  Most of the coal exports were said to be transferred from North Korean ships to Chinese barges, some of which are self-propelled, making them easier to evade detection.

The report – which was removed from public view later in the day – also accuses North Korea of continuing to illegally access international banking channels through the third party intermediaries and engage in cyber attacks on financial institutions and cryptocurrency exchanges to gain illicit revenue.

To Top