North Korea’s nuclear and missile tests have stopped, but its hacking operations to gather intelligence and raise funds for the sanctions-strapped government might be gathering steam.
US security firm FireEye on Wednesday raised the alarm over a North Korean group, saying it has since 2014 stolen hundreds of millions of US dollars by infiltrating the computer systems of banks around the world through highly sophisticated and destructive attacks that have spanned at least 11 nations.
It said that the group is still operating and poses “an active global threat.”
It is part of a wider pattern of malicious state-backed cyberactivity that has led the US to identify North Korea — along with Russia, Iran and China — as one of the main online threats facing the US.
The US Department of Homeland Security on Tuesday warned of the use of malware by Hidden Cobra, the US government’s byword for North Korean state hackers, in fraudulent ATM cash withdrawals from banks in Asia and Africa.
It said that Hidden Cobra was behind the theft of tens of millions of US dollars from teller machines in the past two years.
In one incident this year, cash had been simultaneously withdrawn from ATMs in 23 different countries, it said.
North Korea has previously denied involvement in cyberattacks, and attribution for such attacks is rarely made with absolute certainty. It is typically based on technical indicators such as the IP addresses used by the attackers and characteristics of the code in their malware.
However, other cybersecurity experts said that they also see continued signs that Pyongyang, which has a long track record of criminality to raise cash, is conducting malign activity online.
That activity includes targeting financial institutions and cryptocurrency-related organizations, as well as spying on its adversaries, they said.
“The reality is they are starved for cash and are continuing to try and generate revenue, at least until sanctions are diminished,” CrowdStrike vice president of intelligence Adam Meyers said. “At the same time, they won’t abate in intelligence collection operations, as they continue to negotiate and test the international community’s resolve and test what the boundaries are.”
CrowdStrike said it has detected continuing North Korean cyberintrusions in the past two months, including the use of a known malware family against a potentially broad set of targets in South Korea and a new malware variant targeting users of Linux-based mobile devices.
FireEye said that APT38, the name it gives to the hacking group dedicated to bank theft, has emerged and stepped up its operations since February 2014, as the economic vise on North Korea has tightened.
Initial operations targeted financial institutions in Southeast Asia, where North Korea had experience in money laundering, but then expanded into other regions, such as Latin America and Africa, and then extended to Europe and North America.
In all, FireEye said that APT38 has attempted to steal US$1.1 billion and, based on the data it can confirm, has gotten away with hundreds of millions.
It has used malware planted inside compromised banks to insert fraudulent transfer messages into the Society for Worldwide Interbank Financial Telecommunication (SWIFT) system that banks use to move money between one another.
Its biggest heist to date was US$81 million stolen from the central bank of Bangladesh in February 2016. The funds were wired to bank accounts established with fake identities in the Philippines. After the funds were withdrawn, they were suspected to have been laundered in casinos.
The Foundation for Defense of Democracies, a Washington think tank, on Wednesday said in a report that North Korea’s cybercapabilities provide an alternative means for challenging its adversaries.
While North Korean leader Kim Jong-un’s regime appears to prioritize currency generation, attacks using the SWIFT system raise concerns that North Korean hackers “may become more proficient at manipulating the data and systems that undergird the global financial system,” it said.
FireEye head of global intelligence Sandra Joyce said that while APT38 is a criminal operation, it leverages the skills and technology of a state-backed espionage campaign, allowing it to infiltrate multiple banks at once and figure out how to extract funds.
On average, it dwells in a bank’s computer network for 155 days to learn about its systems before it tries to steal anything, and when it finally pounces, it uses destructive malware to wreak havoc and cover its tracks.
“We see this as a consistent effort, before, during and after any diplomatic efforts by the United States and the international community,” said Joyce, describing North Korea as being “undeterred” and urging the US government to provide more specific threat information to financial institutions about APT38’s modus operandi.
The Silicon Valley-based company said it is aware of continuing, suspected APT38 operations against other banks.
The most recent attack it is publicly attributing to APT38 was in May against Chile’s biggest commercial bank, Banco de Chile. The bank said a hacking operation robbed it of US$10 million.