North Korean hackers blamed for wave of cyberattacks on banks
Cybersecurity firm says elite group behind attacks that have netted hundreds of millions of dollars
PUBLISHED : Wednesday, 03 October, 2018, 11:30pm
UPDATED : Thursday, 04 October, 2018, 5:30am
Related topics
An elite group of North Korean hackers has been identified as the source of a wave of cyberattacks on global banks that has netted “hundreds of millions” of dollars, security researchers said on Wednesday.
A report by the cybersecurity firm FireEye said that the newly identified group, dubbed APT38, is distinct from but linked to other North Korean hacking operations, and has the mission of raising funds for the isolated Pyongyang regime.
FireEye researchers said that APT38 is one of several hacking cells within an umbrella group known as Lazarus, but with unique skills and tools that have helped it carry out some of the world’s largest cyber-robberies.
“They are a cybercriminal group with the skills of a cyberespionage campaign,” said Sandra Joyce, FireEye’s vice-president of intelligence, in a briefing with journalists in Washington.
Joyce said one characteristic of APT38 is that it takes several months, sometimes nearly two years, to penetrate and learn the workings of its targets before its attacks, which have sought to illegally transfer more than US$1 billion from victimised banks.
US Secretary of State Mike Pompeo will meet North Korean leader Kim Jong-un on Sunday
“They take their time to learn the intricacies of the organisation,” Joyce said.
Once they succeed, she added, “they deploy destructive malware on their way out” to hide their traces and make it more difficult for victims to find out what happened.
Joyce said FireEye decided to go public about the threat out of a “sense of urgency” because the group appears to still be operating and is “undeterred by any diplomatic efforts”.
The group has compromised more than 16 organisations in at least 11 countries since at least 2014, according to the FireEye report.
Some of the known attacks have targeted the Vietnam TP Bank in 2015; Bangladesh Bank in 2016; Far Eastern International Bank of Taiwan in 2017; and Bancomext of Mexico and Banco de Chile in 2018.
Joyce said the group appeared to have “the scope and resources of a nation-state” but offered no specific figures on how many people it uses.
Nalani Fraser, a member of the FireEye research team, said APT38 attacks sought at least US$1.1 billion since 2014 and have managed to steal “hundreds of millions of dollars based on data that we can confirm.”
FireEye said there appeared to be some sharing of resources between hacker groups in North Korea, including those involved in espionage and those in other kinds of attacks.
Some of the information about APT38 was revealed in a US criminal complaint unsealed last month against Park Jin-hyok, a North Korean computer programmer charged in connection with the WannaCry ransomware outbreak and the attack on Sony Pictures.
But Park likely played only a peripheral role in APT38, which “has a focused mission to steal money to fund the North Korean regime”, Joyce said.
FireEye’s new report was based in part on forensic analysis it conducted for the FBI in the investigation into Park, but also from other data the security firm has gathered from its global client base.
North Korea’s Kim has up to 60 nuclear warheads, South Korea says
The researchers said APT38 used techniques including “phishing” emails to gain access to credentials as well as “watering holes” – hijacked websites that appear normal but which contain malware that enables hackers to gather more data and access.
As part of the scheme, the hackers created fake identities within known non-governmental organisations or foundations to help move the stolen money, in some cases manipulating the global interbank transfer system known as Swift.
The report is the latest highlighting a vast and increasingly sophisticated cyber campaign by North Korea for both political and financial ends.
US charges North Korean programmer Park Jin-hyok over cyberattacks
In September, a 176-page criminal complaint against Park outlined what officials called “a vast and audacious scheme by the North Korean government to utilise computer intrusions as a means to support the varied goals of their regime.”
On Tuesday, the US Department of Homeland Security issued a bulletin warning that North Korea was likely behind malware used to hack into and steal money from bank teller machines.
The bulletin said that officials believed the “Hidden Cobra” malware enabled North Korea to illegally get cash from bank machines in at least 30 countries, mainly in Asia and Africa, since 2016.
Most Popular
Viewed
- 1
![In this courtroom sketch, Meng Wanzhou, right in green, the chief financial officer of Huawei Technologies, listens during her bail hearing at British Columbia Supreme Court in Vancouver on Tuesday. By the end of the afternoon, Mr Justice William Ehrcke granted her bail. Image: Jane Wolsak/The Canadian Press via AP]( "In this courtroom sketch, Meng Wanzhou, right in green, the chief financial officer of Huawei Technologies, listens during her bail hearing at British Columbia Supreme Court in Vancouver on Tuesday. By the end of the afternoon, Mr Justice William Ehrcke granted her bail. Image: Jane Wolsak/The Canadian Press via AP")
- 2
![Former Canadian diplomat Michael Kovrig detained in China after arrest of Huawei CFO Sabrina Meng Wanzhou in Canada]()
- 3
![100 Christians snatched in overnight raids on underground Chinese church]()
- 4
![The constitutional amendment on presidential term limits was one of a number of moves by Beijing that has worried some US observers. Photo: AP]( "The constitutional amendment on presidential term limits was one of a number of moves by Beijing that has worried some US observers. Photo: AP")
- 5
![David Mulroney, Canada’s former ambassador to China, sees parallels between Michael Kovrig’s detention and the 2014 case of Kevin and Julia Garratt. Photo: Harbin University]( "David Mulroney, Canada’s former ambassador to China, sees parallels between Michael Kovrig’s detention and the 2014 case of Kevin and Julia Garratt. Photo: Harbin University")
Shared
- 1
![In this courtroom sketch, Meng Wanzhou, right in green, the chief financial officer of Huawei Technologies, listens during her bail hearing at British Columbia Supreme Court in Vancouver on Tuesday. By the end of the afternoon, Mr Justice William Ehrcke granted her bail. Image: Jane Wolsak/The Canadian Press via AP]( "In this courtroom sketch, Meng Wanzhou, right in green, the chief financial officer of Huawei Technologies, listens during her bail hearing at British Columbia Supreme Court in Vancouver on Tuesday. By the end of the afternoon, Mr Justice William Ehrcke granted her bail. Image: Jane Wolsak/The Canadian Press via AP")
- 2
![Former Canadian diplomat Michael Kovrig detained in China after arrest of Huawei CFO Sabrina Meng Wanzhou in Canada]()
- 3
![100 Christians snatched in overnight raids on underground Chinese church]()
- 4
![Surprise, surprise, Vancouver: Huawei CFO Sabrina Meng Wanzhou is a mansion-owning, satellite-parenting reverse immigrant]()
- 5
![Sabrina Meng Wanzhou and a family member are seen in British Columbia, in a photograph provided to the province’s Supreme Court by her legal team in a bail hearing. Photo: Sabrina Meng Wanzhou via BC Supreme Court]( "Sabrina Meng Wanzhou and a family member are seen in British Columbia, in a photograph provided to the province’s Supreme Court by her legal team in a bail hearing. Photo: Sabrina Meng Wanzhou via BC Supreme Court")
Commented
- 1
![Former Canadian diplomat Michael Kovrig detained in China after arrest of Huawei CFO Sabrina Meng Wanzhou in Canada]()
- 2
![In this courtroom sketch, Meng Wanzhou, right in green, the chief financial officer of Huawei Technologies, listens during her bail hearing at British Columbia Supreme Court in Vancouver on Tuesday. By the end of the afternoon, Mr Justice William Ehrcke granted her bail. Image: Jane Wolsak/The Canadian Press via AP]( "In this courtroom sketch, Meng Wanzhou, right in green, the chief financial officer of Huawei Technologies, listens during her bail hearing at British Columbia Supreme Court in Vancouver on Tuesday. By the end of the afternoon, Mr Justice William Ehrcke granted her bail. Image: Jane Wolsak/The Canadian Press via AP")
- 3
![Donald Trump says he would intervene in arrest of Huawei CFO Sabrina Meng Wanzhou if it helped secure trade deal with China]()
- 4
![Sabrina Meng Wanzhou was arrested in Canada on December 1 at the request of the United States, for allegedly breaching trade sanctions with Iran. Photo: Reuters]( "Sabrina Meng Wanzhou was arrested in Canada on December 1 at the request of the United States, for allegedly breaching trade sanctions with Iran. Photo: Reuters")
- 5
![David Mulroney, Canada’s former ambassador to China, sees parallels between Michael Kovrig’s detention and the 2014 case of Kevin and Julia Garratt. Photo: Harbin University]( "David Mulroney, Canada’s former ambassador to China, sees parallels between Michael Kovrig’s detention and the 2014 case of Kevin and Julia Garratt. Photo: Harbin University")
You may also like
5 ways virtual reality is going to change your life
In partnership with: HKT PREMIER
Christmas in London 2018
Brought to you by JLL
Comments: