North Korea hacking increasingly focused on making money more than espionage: South Korea study
[July 28, 2017]
By Christine Kim
SEOUL (Reuters) - North Korea is behind an
increasingly orchestrated effort at hacking into computers of financial
institutions in South Korea and around the world to steal cash for the
impoverished country, a South Korean state-backed agency said in a
report.
In the past, suspected hacking attempts by North Korea appeared intended
to cause social disruption or steal classified military or government
data, but the focus seems to have shifted in recent years to raising
foreign currency, the South's Financial Security Institute (FSI) said.
The isolated regime is suspected to be behind a hacking group called
Lazarus, which global cybersecurity firms have linked to last year's $81
million cyber heist at the Bangladesh central bank and the 2014 attack
on Sony's Hollywood studio.
The U.S. government has blamed North Korea for the Sony hack and some
U.S. officials have said prosecutors are building a case against
Pyongyang in the Bangladesh Bank theft.
In April, Russian cybersecurity firm Kaspersky Lab also identified a
hacking group called Bluenoroff, a spin off of Lazarus, as focused on
attacking mostly foreign financial institutions.
The new report, which analyzed suspected cyber attacks between 2015 and
2017 on South Korean government and commercial institutions, identified
another Lazarus spinoff named Andariel.
"Bluenoroff and Andariel share their common root, but they have
different targets and motives," the report said. "Andariel focuses on
attacking South Korean businesses and government agencies using methods
tailored for the country."
Pyongyang has been stepping up its online hacking capabilities as one
way of earning hard currency under the chokehold of international
sanctions imposed to stop the development of its nuclear weapons
program.
Cyber security researchers have also said they have found technical
evidence that could link North Korea with the global WannaCry
"ransomware" cyber attack that infected more than 300,000 computers in
150 countries in May.
"We've seen an increasing trend of North Korea using its cyber espionage
capabilities for financial gain. With the pressure from sanctions and
the price growth in cryptocurrencies like Bitcoin and Ethereum - these
exchanges likely present an attractive target," said Luke McNamara,
senior analyst at FireEye, a cybersecurity company.
North Korea has routinely denied involvement in cyber attacks against
other countries. The North Korean mission to the United Nations was not
immediately available for comment.
The North Korea flag flutters next to concertina wire at the North
Korean embassy in Kuala Lumpur, Malaysia March 9, 2017.
REUTERS/Edgar Su
ATM, ONLINE POKER
The report said the North Korean hacking group Andariel has been
spotted attempting to steal bank card information by hacking into
automated teller machines, and then using it to withdraw cash or
sell the bank information on the black market. It also created
malware to hack into online poker and other gambling sites and steal
cash.
"South Korea prefers to use local ATM vendors and these attackers
managed to analyze and compromise SK ATMs from at least two vendors
earlier this year," said Vitaly Kamluk, director of the APAC
research center at Kaspersky.
"We believe this subgroup (Andariel) has been active since at least
May 2016."
The latest report lined up eight different hacking instances spotted
within the South in the last few years, which North Korea was
suspected to be behind, by tracking down the same code patterns
within the malware used for the attacks.
One case spotted last September was an attack on the personal
computer of South Korea's defense minister as well as the ministry's
intranet to extract military operations intelligence.
North Korean hackers used IP addresses in Shenyang, China to access
the defense ministry's server, the report said.
Established in 2015, the FSI was launched by the South Korean
government in order to boost information management and protection
in the country's financial sector following attacks on major South
Korean banks in previous years.
The report said some of the content has not been proven fully and is
not an official view of the government.
(Additional reporting by Jeremy Wagstaff in SINGAPORE; Editing by
Soyoung Kim and Michael Perry)
[© 2017 Thomson Reuters. All rights
reserved.]