Event Recaps

Empowering Financial Institutions in Latin America to Counter North Korean State-Sponsored Cyber Threats

By Anna Kim, CRDF Global Project Associate, Counterproliferation

As part of its mission to counter North Korean efforts to evade UN sanctions and fund its weapons of mass destruction (WMD) and missile programs, CRDF Global convened a training workshop in San José, Costa Rica on June 19–20, 2023, for 19 cybersecurity and IT professionals from Chile, Costa Rica, Argentina, and Ecuador. North Korea has targeted financial institutions across Latin America in recent years with spear phishing and other social engineering attacks, resulting in $41 billion US dollars in total losses across Latin America in 2020 alone. The region has also seen North Korea-affiliated cyber threat actors, including the Lazarus Group, target critical infrastructure with malware and infiltrate ATM networks. With the generous support of Global Affairs Canada’s (GAC’s) Weapons Threat Reduction Program (WTRP), CRDF Global partnered with global cybersecurity firm Mandiant to develop a workshop covering topics such as the global cyber threat landscape, state-sponsored cyber actors, incident response, and threat hunting. Mandiant’s Carlos Ayala presented several region-specific case studies to highlight common North Korean attack tactics and indicators of compromise, noting the North Korean hacks of a Guatemalan bank and the Central American Online Network. Using these cases as a foundation, Mr. Ayala presented mitigation best practices for similar cyberattacks and led a discussion with participants on identifying insider threats that create vulnerabilities at their organizations.

During the second day of training, Mandiant’s Joseph Dobson led a full-day workshop on intelligence-led threat hunting featuring three tabletop exercises. Participants were asked to work through threat scenarios together, with a focus on employing intelligence collection and analysis throughout to supplement the threat hunt process. These exercises allowed participants to apply knowledge on phishing prevention, medium-intelligence threats, and validating threat hunt results. CRDF Global appreciated the presence of Political Counselor Hanna Wajda from Canada’s Embassy to Costa Rica, who opened the second workshop session with remarks on GAC’s commitment to and the continued importance of promoting cyber resilience and nonproliferation against North Korean threats in Costa Rica and throughout the region.

Mandiant’s Carlos Ayala presents on global cyberattack patterns and trends

The workshop featured in-depth discussion between trainers and participants, with participants sharing their institutions’ experiences, which allowed the trainers to more specifically tailor modules and exercises. Feedback gathered from participants following the training noted that they enjoyed the continuous Q&A with trainers and that the threat hunt workshop would be particularly useful for their cybersecurity work. Participants also all indicated that they would share their knowledge and insights at their organizations, by coordinating meetings with relevant stakeholders at their institutions or through informal interactions with their colleagues.

With the continued support of GAC’s WTRP, CRDF Global will continue to convene capacity-building workshops in 2023 and 2024 on cybersecurity and counterproliferation for audiences including financial institutions, critical infrastructure sectors, and sanctions compliance professionals.

To learn more about CRDF Global’s work in counterproliferation, please click here.