City of San Francisco Cityscape. Downtown San Francisco, California, United States.

In brief

On 15 April 2020, the US Departments of State, Homeland Security, and the Treasury (Treasury), and the Federal Bureau of Investigation issued an advisory warning about the cyber threat posed by North Korea, calling particular attention to banks and other financial institutions (Advisory).


The Advisory (i) highlights North Korea’s malicious cyber activities across the globe, (ii) identifies and recommends measures to counter the cyber threat, including cybersecurity best practices, and (iii) summarizes potential enforcement actions by the US Government against parties engaging in prohibited or sanctionable conduct related to North Korea’s cyber-related activities. In doing so, the Advisory sets forth the US Government’s expectation for the industry, in particular for banks and other financial institutions, to maintain robust internal controls against cyber financial crimes and cybersecurity attacks. The Advisory reminds that a failure to institute measures against North Korean cyber financial crimes and becoming exposed to malicious cyber-attacks by North Korea could result in not only financial loss but also enforcement action by the US Government.

North Korea’s malicious cyber activities across the globe

The Advisory states that North Korea’s malicious cyber activities have been a key revenue generator for the regime, from the theft of fiat currency at conventional financial institutions to cyber intrusions targeting cryptocurrency exchanges. The August 2019 UN Security Council 1718 Committee Panel of Experts report estimates that North Korea has attempted to steal as much as $2 billion, of which $571 million is attributed to cryptocurrency theft. The financial sector has been a key target of North Korea’s malicious cyber activities.

To date, the US Government has publicly attributed several cyber incidents to North Korea including the WannaCry 2.0 ransomware, which led to the US Department of Justice (DOJ) indictment and the Treasury’s sanctions against North Korean computer programmer Park Jin Hyok, and the April 2018 digital currency exchange hack, which also led to a DOJ indictment and the Treasury’s sanctions against individuals supporting the Lazarus Group.

Measures to counter the North Korea cyber threat

The Advisory urges governments, industry, civil society, and individuals to “to take all relevant actions … to protect themselves from and counter the [North Korean] cyber threat,” including for example:

  • Raise awareness of the North Korea cyber threat by highlighting the gravity, scope, and variety of malicious activities carried out by North Korea.
  • Share technical information on the cyber threat with governments and the private sector. Under the provisions of the Cybersecurity Information Sharing Act of 2015, non-federal entities may share cyber threat indicators and defensive measures related to North Korea’s malicious cyber activities with federal and non-federal entities.
  • Implement and promote cybersecurity best practices by enhancing cybersecurity infrastructure, specifically for financial institutions.  Such steps may include, sharing threat information through government and/or industry channels, segmenting networks to minimize risks, maintaining regular backup copies of data, undertaking awareness training on common social engineering tactics, implementing policies governing information sharing and network access, and developing cyber incident response plans. Annex I of the Advisory includes extensive resources, including technical alerts and malware analysis reports, to enable network defenders to identify and reduce exposure to malicious cyber activities.
  • Notify law enforcement if an organization suspects it has been the victim of a cyber-malicious activity.  For information on data security breach notification requirements more generally, please refer to our Global Data Privacy & Security Handbook found here.
  • Strengthen anti-money laundering, countering the financing of terrorism, and counter-proliferation financing compliance.  For financial institutions, these obligations include developing and maintaining effective anti-money laundering programs that cover illicit finance involving digital assets.

Possible US Government’s enforcement

The Advisory outlines possible US Government’s enforcement action against those engaging in or supporting North Korea’s cyber-related activities, including for example:

  • The US Department of Treasury’s Office of Foreign Assets Control has the authority to impose sanctions on any person determined to have, among other things:
    • Engaged in significant activities undermining cybersecurity on behalf of the Government of North Korea or the Workers’ Party of Korea;
    • operated in the IT industry in North Korea
    • engaged in certain other malicious cyber-enabled activities
  • engaged in at least one significant importation from or exportation to North Korea of any goods, services, or technology

Additionally, foreign financial institutions that knowingly conduct or facilitate significant trade with North Korea, or knowingly conduct or facilitate a significant transaction on behalf of certain designated person(s), may, among other potential restrictions, lose the ability to maintain a correspondent or payable-through account in the United States.

  • The DOJ may criminally prosecute persons who willfully violate certain sanctions laws or the Bank Secrecy Act, which requires financial institutions to, among other things, maintain effective anti-money laundering programs and file certain reports with Financial Crimes Enforcement Network.  Persons violating the BSA may face up to five years imprisonment, a fine of up to $250,000, and potential forfeiture of property involved in the violations.
Previous articleFrance: French ordinance passed to strengthen law combating money laundering and the financing of terrorism
Next articleEU: EDPB publishes updated guidelines on consent under the GDPR