Search for:

In brief

On 15 April 2020, the US Departments of State, Homeland Security, and the Treasury (Treasury), and the Federal Bureau of Investigation issued an advisory warning about the cyber threat posed by North Korea, calling particular attention to banks and other financial institutions (Advisory).


The Advisory (i) highlights North Korea’s malicious cyber activities across the globe, (ii) identifies and recommends measures to counter the cyber threat, including cybersecurity best practices, and (iii) summarizes potential enforcement actions by the US Government against parties engaging in prohibited or sanctionable conduct related to North Korea’s cyber-related activities. In doing so, the Advisory sets forth the US Government’s expectation for the industry, in particular for banks and other financial institutions, to maintain robust internal controls against cyber financial crimes and cybersecurity attacks. The Advisory reminds that a failure to institute measures against North Korean cyber financial crimes and becoming exposed to malicious cyber-attacks by North Korea could result in not only financial loss but also enforcement action by the US Government.

North Korea’s malicious cyber activities across the globe

The Advisory states that North Korea’s malicious cyber activities have been a key revenue generator for the regime, from the theft of fiat currency at conventional financial institutions to cyber intrusions targeting cryptocurrency exchanges. The August 2019 UN Security Council 1718 Committee Panel of Experts report estimates that North Korea has attempted to steal as much as $2 billion, of which $571 million is attributed to cryptocurrency theft. The financial sector has been a key target of North Korea’s malicious cyber activities.

To date, the US Government has publicly attributed several cyber incidents to North Korea including the WannaCry 2.0 ransomware, which led to the US Department of Justice (DOJ) indictment and the Treasury’s sanctions against North Korean computer programmer Park Jin Hyok, and the April 2018 digital currency exchange hack, which also led to a DOJ indictment and the Treasury’s sanctions against individuals supporting the Lazarus Group.

Measures to counter the North Korea cyber threat

The Advisory urges governments, industry, civil society, and individuals to “to take all relevant actions … to protect themselves from and counter the [North Korean] cyber threat,” including for example:

  • Raise awareness of the North Korea cyber threat by highlighting the gravity, scope, and variety of malicious activities carried out by North Korea.
  • Share technical information on the cyber threat with governments and the private sector. Under the provisions of the Cybersecurity Information Sharing Act of 2015, non-federal entities may share cyber threat indicators and defensive measures related to North Korea’s malicious cyber activities with federal and non-federal entities.
  • Implement and promote cybersecurity best practices by enhancing cybersecurity infrastructure, specifically for financial institutions.  Such steps may include, sharing threat information through government and/or industry channels, segmenting networks to minimize risks, maintaining regular backup copies of data, undertaking awareness training on common social engineering tactics, implementing policies governing information sharing and network access, and developing cyber incident response plans. Annex I of the Advisory includes extensive resources, including technical alerts and malware analysis reports, to enable network defenders to identify and reduce exposure to malicious cyber activities.
  • Notify law enforcement if an organization suspects it has been the victim of a cyber-malicious activity.  For information on data security breach notification requirements more generally, please refer to our Global Data Privacy & Security Handbook found here.
  • Strengthen anti-money laundering, countering the financing of terrorism, and counter-proliferation financing compliance.  For financial institutions, these obligations include developing and maintaining effective anti-money laundering programs that cover illicit finance involving digital assets.

Possible US Government’s enforcement

The Advisory outlines possible US Government’s enforcement action against those engaging in or supporting North Korea’s cyber-related activities, including for example:

  • The US Department of Treasury’s Office of Foreign Assets Control has the authority to impose sanctions on any person determined to have, among other things:
    • Engaged in significant activities undermining cybersecurity on behalf of the Government of North Korea or the Workers’ Party of Korea;
    • operated in the IT industry in North Korea
    • engaged in certain other malicious cyber-enabled activities
  • engaged in at least one significant importation from or exportation to North Korea of any goods, services, or technology

Additionally, foreign financial institutions that knowingly conduct or facilitate significant trade with North Korea, or knowingly conduct or facilitate a significant transaction on behalf of certain designated person(s), may, among other potential restrictions, lose the ability to maintain a correspondent or payable-through account in the United States.

  • The DOJ may criminally prosecute persons who willfully violate certain sanctions laws or the Bank Secrecy Act, which requires financial institutions to, among other things, maintain effective anti-money laundering programs and file certain reports with Financial Crimes Enforcement Network.  Persons violating the BSA may face up to five years imprisonment, a fine of up to $250,000, and potential forfeiture of property involved in the violations.
Author

Sylwia Lis is a partner and member of the International Trade, Compliance and Customs Steering Committee in Baker McKenzie. She has extensive experience advising companies on US laws relating to exports and reexports of commercial goods and technology, defense trade controls and trade sanctions — including licensing, regulatory interpretations, compliance programs and enforcement matters. She also has advised clients on national security reviews of foreign investment administered by the Committee on Foreign Investment in the United States (CFIUS), including CFIUS-related due diligence, risk assessment, and representation before the CFIUS agencies.

Author

Eunkyung Kim Shin is an associate of Baker McKenzie’s International Commercial Practice Group and the International Trade Compliance Sub-Practice Group in the Chicago office. Eunkyung advices clients on various regulatory compliance and trade issues, concentrating on the US export controls such as the Export Administration Regulations (EAR) and International Traffic in Arms Regulations (ITAR), economic and trade sanctions, US customs and import laws, the US Foreign Corrupt Practices Act (FCPA), and foreign anti-bribery laws.

Author

Andrea Tovar regularly advises multinational companies on cross-border commercial transactions and complex international trade matters. Andrea is also a member of the firm’s Technology, Media & Telecommunications Global Industry Group and the California Diversity & Inclusion Committee.