Security experts warn North Korean hackers are actively targeting global banks



Hackers backed by North Korea have an elaborate network to launder money and are actively targeting banks around the world, according to a major cyber security firm.

Sanctions against the isolated nation could also lead to an escalation of cyber-harassment attempts, senior FireEye intelligence analysts said.

The firm, which the FBI retained to analyze the malware during the investigation into North Korean government hacker Park Jin Hyok, has been following the cybercrime activities of the Lazarus group for several years.

The pace of Pyongyang's financially motivated hacking activity "probably reflects increasingly desperate efforts to steal funds in order to pursue the interests of the state," the company said.

Describing the "Lazarus Group" as a generic term, FireEye has now identified two separate missions within the North Korean cyber-operations unit, with APT38 being its codename for financially motivated attacks.


APT38's operations began in February 2014, according to FireEye, "and were probably influenced by the financial sanctions adopted in March 2013 that blocked bulk cash transfers and restricted North Korea's access to international banking systems".

North Korea has always relied on drug manufacturing, counterfeiting and smuggling to keep its economy afloat. FireEye describes hacking as a similar form of activity.

With the regime's intelligence services familiar with money laundering networks in Southeast Asia, financial institutions were among the first targets – but APT38 is now operating globally.

FireEye analysts have described a complex network of mules establishing fraudulent bank accounts in different countries, used to transfer funds, including through cryptocurrency exchanges – which are themselves an additional target for APT38.

The cyber-robberies occur when hackers gain access to banks' internal networks, and they have often targeted the SWIFT messaging network that banks use to exchange instructions.


By initiating a fraudulent transaction via the SWIFT network, APT38 has already sent millions of dollars from Bangladesh Bank to four accounts in the Philippines and another in Sri Lanka.

Chinese court documents explained how the money had been laundered in casinos through sumptuous games of chance, in which players played baccarat and tried to minimize their gains and losses in order to conceal the origin of the money that they had brought home – or sent to Pyongyang.

FireEye's term "APT" stands for advanced persistent threat and usually refers only to state-sponsored espionage threats and, sometimes, sabotage.

While many other countries invest heavily in cyber espionage capabilities, often to steal data from target networks, the end goal is rarely motivated by financial considerations.

The North Korean government is currently the only regime willing to devote significant resources to cyber operations to supplement its national budget.

:: Sky News was present at the Washington DC briefing by FireEye.
