The U.S. Department of Justice’s Rewards for Justice Program, which pays reward money for information that leads to the capture of high-profile criminals, announced earlier in the week that it had doubled its reward to $10 million for information related to the “government-linked cyber activities” of North Korea.
The Rewards for Justice Program’s statement singled out several North Korean-linked hacking groups—including hackers affiliated with the Guardians of Peace, Kimsuky, and the Lazarus Group—which it accused of conducting ransomware attacks on infrastructure in the United States. The initial reward offer of $5 million was issued in June and focused on cyberattacks against cryptocurrency exchanges and financial institutions—two lucrative institutions that North Korea’s hackers have targeted to gain funds for the ruling regime’s ballistic missile and nuclear programs. The $10 million reward on North Korea was preceded by an equal bounty on information related to attacks against critical infrastructure.
North Korean cyberattacks have grown in number and sophistication in recent years, leading the U.S. Cybersecurity and Infrastructure Security Agency, or CISA, to devote growing resources to countering North Korean cybercrime. An annual threat assessment published by the Office of the Director of National Intelligence in 2021 noted that North Korea represented “a growing espionage, theft, and attack threat,” adding that Pyongyang-linked organizations had stolen “hundreds of millions of dollars, probably to fund government priorities, such as its nuclear and missile programs.” The report also noted that cryptocurrency exchanges were particularly lucrative for North Korean hackers, as cryptocurrencies are structured to be exchanged outside of the control of governments and financial regulators, allowing North Korea to evade international sanctions.
The Rewards for Justice Program has grown in size over the past half-decade, as successive U.S. administrations have devoted greater efforts to countering cyberattacks from North Korea and other nations with alleged state-sponsored hacking programs, including China, Russia, and Iran. Foreign cyberattacks have increasingly targeted U.S. critical infrastructure, including power grids and water supplies. In May 2021, gas prices briefly shot up across the East Coast after the Colonial Pipeline, which carries oil from Texas to the southeastern United States, was targeted by a ransomware attack from the Eastern European Darkside group. The pipeline was eventually restored to operation after the operators paid the ransom in Bitcoin, and much of the money was later recovered.
Trevor Filseth is a current and foreign affairs writer for the National Interest.