The North Korean government uses a shadowy network of cyberactors to conduct financial crimes on behalf of Kim Jong Un’s regime, and those actors have attempted to steal over $1.1 billion in “particularly aggressive” attacks on global banks, according to a new report from a cybersecurity watchdog.
The report from FireEye says a group called APT38 has conducted operations against 16 organizations in at least 11 countries “sometimes simultaneously,” indicating that the group has a “large, prolific operation with extensive resources.”
The report also states that the number of institutions targeted by the group is likely higher and that it has successfully stolen over $100 million through its operations since 2014.
Pyongyang’s increasingly bold attacks in the virtual space have come in tandem with the hermit nation’s rapidly progressing ballistic missile and nuclear programs. Those operations have continued despite ongoing diplomatic talks with the US and South Korea.
The Trump administration has made it clear that it will not lift economic sanctions that have been levied against North Korea until denuclearization is achieved, prompting Pyongyang to consider alternative sources of revenue.
“The heavily sanctioned and cash-strapped North also uses cyberattacks to generate illicit funds from ransom payments, cryptocurrency exchange hacks, and fraudulent inter-bank transfer orders,” according to a new report by the Foundation for Defense of Democracies.
North Korea could also use its cyber capabilities to attack the US economy, warns FDD’s Samantha Ravich, senior adviser and Principal Investigator of FDD’s cyber-enabled economic warfare (CEEW) project.
“Fifteen or even 10 years ago, when analyzing potential blowback to US sanctions on North Korea or US-South Korean military exercises, there was never a consideration of the Kim regime’s ability to target the US economy,” said Ravich.
“Now, North Korea has one of the most capable and aggressive cyberoperations. Facing intense US economic sanctions, Pyongyang may consider using its cybercapabilities to attack the US economy,” she said.
North Korea’s hackers have been accused of carrying out some of the most audacious cyberattacks of the past few years, from siphoning millions of dollars to stealing state secrets.
Last month, the Justice Department announced cyberhacking charges against a North Korean national linked to the computer hacking of Sony in 2014, the WannaCry ransomware attack, and other significant cyberintrusions.
The country’s hack on Sony Pictures Entertainment led the Obama administration to impose economic sanctions against North Korean government agencies and senior officials.
The DOJ announcement marked the first time US prosecutors have brought criminal charges against an official associated with the Sony breach and other attacks, with the DOJ targeting North Korean computer programmer Park Jin Hyok.
In February 2016, $101 million was fraudulently transferred out of the Bangladesh central bank’s account at the New York Federal Reserve and eventually made its way to the Philippines.
Researchers found that the hackers responsible for the theft carefully routed their signal through France, South Korea and Taiwan to set up their attack server, but made a critical mistake that established a connection to North Korea.
Most of the funds have not been recovered.
Analysts say North Korea has been preparing similar operations targeting cryptocurrencies like Bitcoin, as international sanctions make it harder for North Korea to use the dollar.