For engaging in organised crime as a revenue-raising method, the world’s most secretive dictatorship is perfectly positioned. This is what has happened in Kim Jong-Un’s N. Korea.
According to a US Army report on the country’s military capabilities, published online in Aug., N. Korean hackers, backed by their Govt., have robbed banks worldwide to support a regime on the brink of bankruptcy because of UN sanctions.
15% of Revenue
Calculations are not easy, but the report estimates that N. Korea derives up to 15% of its revenue from criminal activity, with cyber-attacks accounting for a significant share.
Kaspersky believes the Pyongyang regime has committed attacks in 18 countries and made more than a quarter of a billion US dollars in 2018 from compromised bitcoin accounts. 2 years before, N. Korean hackers made headlines globally after stealing $81 million from the Central Bank of Bangladesh.
The report, which confirms details of capacity and capability that were previously only speculative, assesses that the Cyber Warfare Guidance Unit – more commonly known as ‘Bureau 121’ – is responsible for the country’s computer warfare.
US Treasury Department
A US Govt. memo from Aug., written by agencies including the US Treasury Department and the FBI, observed that the N. Korean Govt. had increased its financially motivated hacking attempts this year after a hiatus in activity: “Since Feb. 2020, N. Korea has resumed targeting banks in multiple countries to initiate fraudulent international money transfers & ATM cash outs.”
This activity is thought to help fund the N. Korean Govt., a regime left financially poor by wide-ranging global sanctions from the US and other western countries.
Bryan Ware, a senior cybersecurity official at the US Homeland Security Department, said: “N. Korean cyber actors have demonstrated an imaginative knack for adjusting their tactics to exploit the financial sector as well as any other sector through illicit cyber operations.”
In 2010 the US surmised that the unit comprised 1,000 hackers operating abroad in countries such as Belarus, China, India, Malaysia and Russia. It now believes that number has grown after Kim Jong-un stated in 2010 that the country would train 100 elite hackers a year.
The report observes that Bureau 121 has 3 sub-groups, each with a different function.
Firstly, the Andariel Group, whose mission is to gather information through reconnaissance of enemy computer systems, scanning the enemy network for potential attack.
2nd is the Bluenoroff Group, which commits the financial cyber-crime, focusing on long-term assessment and the exploitation of enemy network vulnerabilities. Its goal is to make money or take control of systems, and it was possibly responsible for the Bangladesh Bank attack in Feb. 2016 and the bitcoin thefts in 2018.
The 3rd element is the Lazarus Group, which released the WannaCry malware in 2016-2017. The US Army observed that its aim is “to create social chaos by weaponising enemy network vulnerabilities & delivering a payload if directed to do so by the regime”.
Lazarus was also said to be responsible for the “Guardians of Peace” attack on Sony in Nov. 2014.
Counteracting the Threat
A security expert summed up: “There’s not much you can do to stop being targeted; the only thing you can do is deter as much as possible, by putting firewalls & other similar measures in place. Rule of thumb – if there’s something to gain, you’re at risk.”
The N. Korean regime is technically capable of causing great damage to corporations. While its secrecy makes the target selection of N. Korean hackers difficult to ascertain, conclusions can still be drawn from the available intelligence.
That the attacks are financially motivated is a given, and for a nation in a financially perilous position, the likely targets are large organisations with big turnovers. Attacks like the Bangladesh one also show a preference for developing regions where cyber-security measures are poor.
If your company does business with S. Korea, you are obviously more vulnerable to attack, as the majority of the North’s offensive initiatives are directed across the 38th parallel.
In the final reckoning, there is no ‘silver bullet’ that makes a company invulnerable to N. Korean attacks.
If you believe your company could potentially be at risk of an attack from N. Korea, making your IT security team aware of the potential attacks is a necessary precaution.