“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday. Our journalists select important news items from the previous week on topics ranging from privacy to policy development in cybersecurity, all to help you stay abreast of the latest breaking issues. And not only is this provided free of cost to our subscribers, but the briefing contains new content exclusive to subscribers, such as our insightful industrial reports.
This week, South Korea, Japan, and the United States issued a joint statement addressing North Korea’s ongoing cryptocurrency thefts. The announcement came as the three nations conducted joint military drills, which North Korea strongly condemned as “provocations.” Related stories include additional U.S. government announcements on undersea cables and a new executive order focused on cybersecurity.
This is Dain Oh reporting from South Korea, and here is your weekend briefing.
1. [DPRK cybercrime] Joint statement on cryptocurrency thefts by the Democratic People’s Republic of Korea and public-private collaboration
The United States, Japan, and South Korea have issued a joint warning about North Korea’s escalating cybercrime activities, which primarily target the blockchain and cryptocurrency industries. Advanced cyber operations, including those carried out by groups like the Lazarus Group, have been linked to major thefts, such as $308 million from DMM Bitcoin and $50 million from Upbit in 2024. These crimes threaten global financial stability and help fund North Korea’s illicit weapons and missile programs. The DPRK employs sophisticated techniques, including social engineering, malware, and the use of deceptive IT workers embedded in international projects, to carry out these operations.
To address these threats, the three nations have implemented collaborative measures to strengthen cyber defense and recover stolen funds. Public-private partnerships, such as the Illicit Virtual Asset Notification program (IVAN) and Crypto-ISAC in the U.S., along with similar initiatives in South Korea and Japan, aim to disrupt North Korea’s cybercrime activities. Businesses, particularly in the blockchain and freelance sectors, are urged to adopt robust cyber threat mitigation practices to avoid unintentionally supporting DPRK operations.
The statement reaffirms the commitment of the United States, Japan, and South Korea to counter North Korea’s cyber threats through sanctions, enhanced cybersecurity cooperation, and capacity-building efforts across the Indo-Pacific region. These initiatives emphasize the importance of collective action to safeguard the integrity of the international financial system and prevent the financing of illicit activities.
2. [Case related to DPRK] South Korean cryptocurrency exchange CEO sentenced for espionage in North Korea-linked case
The CEO of a South Korean cryptocurrency exchange, identified as Mr. Lee, 41, has been sentenced to four years in prison for violating the National Security Act, according to multiple news outlets based in South Korea. He was convicted of attempting to leak military secrets to a suspected North Korean agent in exchange for cryptocurrency valued at approximately 7 billion won (about $6 million). The Seoul Central District Court emphasized the severity of the crime, noting its potential threat to national security, although no actual breach occurred because the targeted military officer refused to cooperate.
The court revealed that Lee attempted to recruit an active-duty military officer to obtain classified information, including access to the Korea Joint Command and Control System (KJCCS). He provided hacking tools, such as a “Poison Tab” device, designed to enable remote access to military systems. Although the officer declined to cooperate, the court emphasized the significant risk posed by Lee’s actions.
Between July 2021 and March 2022, Lee acted on instructions from an alleged North Korean operative he had met through a cryptocurrency community. In exchange for two cryptocurrency payments totaling $600,000, Lee attempted to carry out espionage activities but was ultimately unsuccessful. The court stressed the importance of strict punishment to deter similar threats to national security.
3. [DPRK’s reaction] North Korea warns of stronger action over South’s drills with US, Japan
North Korea has issued a stern warning in response to joint military drills conducted by South Korea, the United States, and Japan, which included U.S. B-1B heavy bombers flying over the Korean Peninsula, AFP reported Friday. Pyongyang’s foreign ministry condemned the exercises as “provocations,” claiming they strengthen North Korea’s resolve to protect its sovereignty and security interests. The drills, which North Korea views as invasion rehearsals, have heightened tensions amid its ongoing weapons tests, including the launch of a purported hypersonic missile.
Experts suggest that North Korea’s recent missile launches are a calculated signal to the incoming U.S. administration under President-elect Donald Trump, emphasizing the regime’s nuclear ambitions. South Korea has reiterated that North Korea’s nuclear status “cannot be recognized” and has pledged to work closely with the U.S. toward denuclearization. Relations between the Koreas remain at a historic low, fueled by repeated North Korean missile tests that violate UN sanctions.
Adding complexity to the situation, U.S. intelligence reports suggest North Korea’s involvement in the Ukraine conflict, with the regime allegedly deploying troops to support Russia. In exchange, Russia is believed to be providing North Korea with advanced satellite and space technology. These developments highlight the increasing security threats posed by North Korea and the broader geopolitical implications of its alliances.
4. [AI for cybersecurity] How AI and ML are transforming cloud security amid rising cyber threats – The Readable
As businesses increasingly rely on cloud platforms to store critical data and run services, the threat landscape has become more sophisticated. According to Check Point Software Technologies, 61% of organizations experienced a cloud security incident in 2024, with 21% resulting in data breaches. Cybercriminals, equipped with advanced tools, relentlessly probe cloud environments looking for vulnerabilities.
In response, cloud providers are ramping up their security measures, with artificial intelligence (AI) and machine learning (ML) taking the spotlight. These technologies not only improve response times but also revolutionize the detection, prediction, and prevention of cyberattacks.
5. [Undersea cables] US meeting on protecting undersea cables – The White House
Recent incidents involving undersea cables in the Baltic Sea have underscored the critical need to protect this infrastructure, which is essential for public services, international commerce, and digital economic prosperity. Anne Neuberger, the U.S. Deputy National Security Advisor for Cyber and Emerging Technology, met with Nordic-Baltic counterparts to strengthen regional and NATO-led cooperation. They reaffirmed the principles of the New York Joint Statement on undersea cable security, emphasizing global collaboration to ensure the resilience, reliability, and maintenance of these vital networks.
Key initiatives discussed included improving real-time information sharing among governments, allies, and private sector stakeholders; fostering public-private partnerships to enhance repair and maintenance capabilities; and encouraging commercial cable operators to create centralized repositories for tracking damage and repair efforts. Streamlining equipment transportation for quicker repairs was also prioritized.
This coordinated approach aims to strengthen undersea cable security through enhanced NATO collaboration and ongoing U.S.-Nordic-Baltic consultations, addressing the growing threats to this vital infrastructure.
- Related article: Western powers face greater challenges than expected in protecting undersea cables from espionage, analysts warn
- Related article: Feature: Undersea cables and maritime security
6. [National cybersecurity] New executive order on strengthening and promoting innovation in the nation’s cybersecurity – The White House
The Executive Order addresses escalating cyber threats targeting U.S. government systems, corporations, and individuals. It introduces measures to strengthen cybersecurity, including the adoption of AI-based tools, the transition to post-quantum cryptography, and enhanced security for federal systems. Key initiatives include stricter sanctions against cyber attackers, ensuring secure software development for both government and private sector use, and launching public-private partnerships for AI-driven cyber defense.
To combat identity fraud, which costs Americans $56 billion annually, the order promotes privacy-preserving digital identities and early warning fraud systems. It also emphasizes reducing bureaucracy in federal cybersecurity procurement, incentivizing secure consumer products through the Cyber Trust Mark, and safeguarding critical infrastructure, such as space systems, which are essential for national security and global commerce.
The Executive Order highlights the urgency of advancing cybersecurity to protect essential services, mitigate economic losses, and defend against future quantum-computing-enabled threats. These comprehensive measures aim to strengthen the U.S.’s digital resilience and maintain its leadership in cybersecurity innovation.
7. [Chinese hackers in US] Chinese hackers accessed Yellen’s computer in US Treasury breach – Bloomberg
Chinese state-sponsored hackers infiltrated the computers of U.S. Treasury Secretary Janet Yellen and other senior officials, accessing unclassified files and sensitive data. More than 400 Treasury devices were compromised, with attackers stealing usernames, passwords, and over 3,000 files, including “law enforcement sensitive” data related to the Committee on Foreign Investment in the U.S. (CFIUS). While the breach did not impact classified systems, it targeted Treasury’s roles in sanctions, intelligence, and international affairs.
The hackers, linked to the group Silk Typhoon (UNC5221), operated covertly outside of regular hours to evade detection. The attack, disclosed by contractor BeyondTrust Corp., led the Treasury to alert federal agencies, including the FBI and CISA, and brief lawmakers on Capitol Hill. This breach follows previous allegations of Chinese cyberattacks on U.S. government officials, highlighting ongoing cybersecurity challenges.
China has denied involvement, calling the accusations baseless. However, the breach underscores the ongoing threat posed by state-sponsored cyber actors to critical U.S. government functions and sensitive international operations.
Editor’s note: The summaries of each article were created by ChatGPT 4o and reviewed by Dain Oh.