North Korean hacking group blamed for attempted cyber heists totalling US$1.1 billion

A North Korean hacking group focused on financial gain for the rogue state has penetrated banks around the world with a series of ongoing attacks, and has tried to steal at least US$1.1 billion over the last four years, according to a new tally by cybersecurity firm FireEye Inc.

The group, which FireEye identified as APT38, has infiltrated more than 16 organisations in 11 countries including the US, and stolen more than US$100 million. The hackers have got past heavily defended servers at banks and spent time scouring the networks. Security officials should be alarmed, FireEye said last week in a report.

“What sets the North Koreans apart is they wait an average of 155 days before they steal the money,” Charles Carmakal, vice-president of consulting at FireEye, said. “They understand banking networks pretty well. And they probably have geopolitical considerations behind the timing, location of their attacks.”

The most prominent attack by APT38 was the theft of funds from the Bangladeshi central bank’s accounts at the US Federal Reserve in 2016. In that case, the hackers got the Fed to transfer some US$100 million by sending fake wiring orders. About US$40 million was recovered when the hack was discovered and transfers were reversed before they could be withdrawn.

In January, Mexico’s state-owned trade bank thwarted the attempted theft of US$110 million using similar methods. In May, a Chilean bank lost US$10 million. All were carried out by APT38, FireEye said in its report.