The United Nations is investigating 35 North Korean cyberattacks across 17 countries, according to a report published Aug. 13 by the AP. This follows last week’s leaked summary of the report, stating that $2 billion had been hacked by the nation thus far to fund weapons programs.

The majority of incidents being probed were carried out via one of three main attack vectors.

South Korea bore the brunt of most attacks

South Korea is by far the favorite target, suffering 10 of the attacks detailed in the report, with India next, being victim of three attacks. However, incidents being investigated have taken place in countries across Africa, Central and South America, South East Asia, the Middle East and Europe.

Three key methodologies to avoid sanctions

Some of the most audacious hacks have been on the Society for Worldwide Interbank Financial Telecommunication system. In one instance, a group headhunted a Chilean interbank employee through LinkedIn. Another hack installed malware on an entire nations ATM system resulting in 10,000 fraudulent cash distributions across 20 countries.

Cryptocurrency exchanges and users are also popular target vectors. South Korean exchange, Bithumb has been attacked at least four times. After one 2018 attack on an unnamed exchange, stolen funds “were transferred through at least 5,000 separate transactions and further routed to multiple countries before eventual conversion.”

The final method of raising funds is via cryptocurrency mining, often through crypto-jacking. This involves installing malware onto a computer which then uses system resources to mine cryptocurrency on behalf of the attacker. The UN analyzed one piece of malware designed to mine the privacy-focused altcoin Monero and send the proceeds to servers at Kim Il-Sung University in Pyongyang.