North Korea's cyber capabilities and financial networks pose a threat to Southeast Asia's growing, yet vulnerable, cryptocurrency sector, according to British defense and security think tank Royal United Services Institute.
North Korea has been heavily sanctioned for years by the United Nations, the United States and other countries over its nuclear and missile ambitions. The reclusive state has also been accused of using cyberattacks to gain financial resources needed to keep its nuclear programs going.
The lifting of sanctions is vitally important to North Korea. It was in part due to disagreement over sanctions that saw the collapse of a second summit meeting between its leader Kim Jong Un and U.S. President Donald Trump in Hanoi, Vietnam in February.
In a report Monday, London-based RUSI said that as sanctions bite, the country has shown an increasing interest in virtual assets. It cited the alleged hijacking of crypto exchanges in South Korea as well as 2017's "WannaCry" global ransomware attack.
"North Korea has gone to extremes to raise funds and evade international sanctions, recently expanding these efforts to include the exploitation of cryptocurrencies such as Bitcoin," David Carlisle, a former official at the U.S. Treasury department's office of terrorism and financial intelligence, and Kayla Izenman, a financial crime and terrorist finance expert, wrote in the report.
"As a determined and sophisticated cyber actor in need of financial resources, North Korea is likely to continue to find ways of obtaining and exploiting cryptocurrencies," they said in their report, "Closing the Gap: Guidance for Countering North Korean Cryptocurrency Activity in Southeast Asia."
The WannaCry attack "signaled North Korea's interest in, and ability to exploit, cryptocurrencies," they said. And its cyber skills, coupled with the constant need for funds amid the squeeze of sanctions, point to the risk of a "sustained security challenge," they added.
CNBC could not reach North Korea's foreign ministry for comment on Monday but the country has in the past vehemently denied allegations of cybercrime.
In September, for example, the official Korean Central News Agency carried comments by a foreign ministry official denying involvement in the WannaCry attack, instead calling the United States the "chief culprit responsible for posing security threats in cyberspace."
Southeast Asia's growing virtual asset sector and lack of coordinated regulation present what Carlisle and Izenman called a "systemic risk" vulnerable to exploitation by North Korea, which they stressed has long used its countries to mitigate sanctions.
"North Korean networks have engaged in fundraising and have evaded trade and financial restrictions through the use of front companies, agents and deceptive financial techniques at banks across the region," they wrote.
"Because Southeast Asia is also host to a growing number of cryptocurrency businesses and users, countries in the region could prove vulnerable to North Korea's cryptocurrency-related activity as well," the report said.
"North Korea could cash out its cryptocurrency profits by relying on its extensive overseas financial networks to open and operate accounts at cryptocurrency exchanges in the region," they said.
The report said Singapore is seen as leading the way in crypto-asset regulation in Southeast Asia, while Malaysia, the Philippines and Thailand are working to regulate cryptocurrency exchanges in line with guidance from the intergovernmental Financial Action Task Force, which sets global standards for fighting money laundering and terrorist financing.
But the report's authors stressed that Southeast Asian countries need to take a series of measures, including assessing their risks and weaknesses in relation to North Korea, coordinating a regional regulatory response and beefing up law enforcement training to reduce their vulnerability — some of which they noted are already under way.
"If carried out with the appropriate urgency and in line with global … standards, countries in the region can succeed in making themselves less vulnerable to the risks of North Korean cryptocurrency activity," they said.