Trump may be "in love" with Kim Jong Un, but North Korea continues to hack into US infrastructure – VICE News



The Onslow Water and Sewerage Authority in Jacksonville, North Carolina, was still recovering from the damage caused by Hurricane Florence when hackers began attacking its computer systems with the help of malware.

On Saturday, October 13th at 3 am, the malicious program launched a sophisticated piece of ransomware called Ryuk. A member of the utility's IT staff reacted quickly by disconnecting the computer system from the Internet, but it was already too late.

Malicious code had spread across the network, encrypting files and databases. Soon after, an email with a ransom demand arrived. The FBI is still investigating the attack, but all the evidence points to one suspect: North Korea. This is not the first time that Pyongyang's hackers have targeted US infrastructure.

Ryuk ransomware was coded by a Pyongyang-controlled hacking group called Lazarus, according to Check Point, a cybersecurity firm. The same group was blamed for the attack on Sony Pictures, the WannaCry ransomware and the $81 million robbery of Bangladesh Bank.

Kim Jong Un may not launch rockets as part of his attempt to improve relations with the United States, but such subtleties do not apply to Pyongyang's cyber-operations, experts say. Instead, in the shadow of nuclear negotiations, Kim's hacker team has significantly expanded its cyberwar capabilities and has shown a greater willingness to target Western entities, including the United States.

"Despite the accelerated pace of diplomatic re-engagement with North Korea, everything the country has done in cyberspace has been completely neglected," Fred Plan, senior analyst at FireEye, a security company, told VICE News.

The researchers said the current campaigns were aimed primarily at raising revenue through a combination of bold bank robberies and ransomware attacks targeting victims such as municipalities and private companies. But these same techniques could soon be used to destabilize US national security, they warned.

After the money

North Korea's computer hacking empire is disproportionate. According to a South Korean report released in 2014, Pyongyang had 6,000 members conducting cyberwar activities, roughly the same number as the US Cyber Command mission force. Financial crime is one of the areas in which its operations are growing rapidly, and a specific group has been instrumental in helping to make money for the regime, according to a report released this month by Plan and colleagues at FireEye.

"There is clearly an escalation of financially motivated crime," Plan said.

The finance-focused group of North Korean hackers has been labeled APT38 and has been in existence since at least 2014, FireEye researchers said. While the group was initially cautious, conducting attacks months apart, its most recent operations took place at a faster pace, and they were more destructive.

To date, the attacks have mainly affected Southeast Asia and Latin America, but there is some evidence that the group is about to move even further by targeting high-level institutions in Western countries.

"There are other countries that are quite capable in cyberspace, but you do not see them robbing banks, and North Korea has both the motivation and the ability to do it."

"We have identified chains in the malicious software used by APT38 that demonstrate an obvious interest in targeting some of the most renowned banks," Plan said.

These hackers are not just targeting banks anymore.

Although officials at Onslow refused to pay the ransom demand, many Ryuk victims did so. North Korean hackers have earned at least $640,000 through Ryuk ransomware deployed in the United States and elsewhere, according to a recent report by Check Point.

Last year, FireEye halted a North Korean campaign of phishing emails to US power companies. The WannaCry ransomware that spread in May 2017 and infected about 200,000 computers in 150 countries is also a North Korean creation.

For decades, North Korea has sought to strengthen its economy through the production and distribution of narcotics, the trafficking of endangered species, the counterfeiting of currency and the manufacture of counterfeit cigarettes. But today, many of these operations have been replaced by cyberattacks.

"I think cyber is a way to get around the sanctions, get hard currency, short and long term. I think it's too lucrative for them to give it up," said David Maxwell, senior fellow of the Foundation for the Defense of Democracies, a hawkish think tank that recently released a new report on North Korea's computer hacking operations.

Maxwell believes that the success of North Korea's financially motivated cyberattacks could lead Kim to consider using his hackers for more destructive purposes.

The transmission lines carry electricity along Interstate 40 and I-85 corridors in Orange County, near Hillsborough, North Carolina. Public utilities are injecting billions of dollars into a race to prevent terrorists or enemy governments from cutting off the grid. delivery system ready for a world with a lot more renewable energy. (AP Photo / Gerry Broome)

Maxwell and the report's co-author, Matthew Ha, believe that the success of financially motivated cyber-operations will prompt Kim to consider more destructive cyberattacks against South Korea, Japan and the United States, such as targeting critical national infrastructure, industrial supply chains and large private companies in key industries.

And North Korea's investments in cyber warfare will only grow, Ha said, adding that current investments in campaigns to infiltrate US networks undetected could pay off in the future.

"They discover our infrastructure systems [which] they will definitely be able to take advantage later if things really go sour," Ha told VICE News.

Cyber operations are inherently more difficult to detect, and for North Korea they also offer the cover of plausible deniability.

Denying that you launched a missile over Japan is difficult, but denying that you created malware is much easier, given the ease with which hackers plant false flags in the code to send investigators in the wrong direction.

"They discover our infrastructure systems [which] they can certainly take advantage later if things really go sour."

North Korea may not be in the same category as the United States, China or Russia in piracy of identity information, but it has one asset: recklessness.

"There are other countries that are quite capable in cyberspace, but we do not see them stealing banks, and North Korea is both motivated and able to do so," said Plan.

US and British intelligence agencies both expressed concern over Pyongyang's growing cyber threat. A report from the British Intelligence and Security Committee in 2017 warned that North Korea "is ready to use its capabilities without worrying about attribution or ideological motives foreign to other countries".

In July, National Intelligence Director Dan Coats warned that North Korea was one of the main opponents, along with Russia, China and Iran, launching daily cyberattacks against US targets. Coats warned that the threat of a "crippling cyber attack on our critical infrastructure" by a foreign actor is increasing.

But despite the threat it poses, a sophisticated cyber-operation still does not replace a nuclear-armed intercontinental ballistic missile, experts said.

"For Kim Jong Un, what matters is the survival of his regime and nothing can replace nuclear weapons. It is impossible for a state like North Korea to make the cyber attack a kind of substitute," Nigel Inkster, former director of operations and intelligence at MI6, told VICE News.

Cover photo: North Korean leader Kim Jong Un, center-left, and US Secretary of State Mike Pompeo walk together before their meeting in Pyongyang, North Korea, on October 7, 2018. (Korean Central News Agency / Korea Press Service via AP)
