WASHINGTON – North Korea's nuclear and missile tests have stopped, but its computer hacking operations, which gather information and raise money for the sanctions-strapped government in Pyongyang, are likely to be scaling up.
The US security firm FireEye sounded the alarm Wednesday about a North Korean group that has allegedly stolen hundreds of millions of dollars since 2014 by infiltrating the computer systems of banks around the world through highly sophisticated and destructive attacks that have affected at least 11 countries. It says the group is still operating and is "an active global threat".
This is part of a larger pattern of state-sponsored malicious cyberactivity that has led the Trump administration to identify North Korea – along with Russia, Iran and China – as one of the major online threats facing the United States. Last month, the Justice Department charged a North Korean hacker suspected of plotting devastating cyberattacks, including an $81 million robbery of Bangladesh's central bank and the WannaCry virus, which paralyzed parts of the British health service.
On Tuesday, the US Department of Homeland Security warned about malware used by Hidden Cobra, the US government's code name for North Korean hackers, in fraudulent ATM cash withdrawals at banks in Asia and Africa. It said Hidden Cobra was behind the theft of tens of millions of dollars from ATMs over the past two years. In one incident this year, cash was withdrawn simultaneously from ATMs in 23 different countries, the document said.
North Korea, which bars almost all of its population from accessing the World Wide Web, has previously denied any involvement in cyberattacks, and the attribution of such attacks is rarely made with absolute certainty. It is usually based on technical indicators such as Internet protocol addresses, which identify computers, and the characteristics of the code used in malware, the software a hacker uses to damage or disable computers.
But other cybersecurity experts told the Associated Press that they are seeing more and more signs that the authoritarian North Korean government, which has a long history of using crime to raise funds, is conducting malicious online activity. This activity includes targeting financial institutions and cryptocurrency-related organizations, as well as spying on its opponents, despite easing tensions between Pyongyang and Washington.
"The reality is that they are running out of money and still trying to generate revenue, at least until the sanctions are down," said Adam Meyers, vice president of intelligence at CrowdStrike. "At the same time, they will not stop intelligence-gathering operations as they continue to negotiate and test the determination of the international community and determine what the limits are."
CrowdStrike said it has detected persistent North Korean cyber intrusions in the last two months, including the use of known malicious software against a potentially large set of targets in South Korea, as well as a new variant of malware targeting users of mobile devices running a Linux-based operating system.
This activity has taken place against the backdrop of a dramatic diplomatic shift, as Kim Jong Un opens up to the world. He has held summits with South Korean President Moon Jae-in and President Donald Trump, who hope to persuade Kim to give up nuclear weapons that pose a potential threat to the American homeland. Tensions on the divided Korean Peninsula have declined and fears of a war with the United States have eased. This weekend Trump will send his top diplomat, Mike Pompeo, to Pyongyang for the fourth time this year to advance denuclearization.
But North Korea has not yet taken concrete steps to give up its nuclear arsenal. The sanctions imposed on it are meant to deprive it of fuel and income for its weapons programs and to prevent it from transferring large sums of money and gaining access to the international banking system.
According to FireEye, APT38, its name for the hacking group devoted to bank theft, emerged and has intensified its operations since February 2014, as the economic stranglehold on North Korea tightened following its nuclear and missile tests. Initial operations targeted financial institutions in Southeast Asia, where North Korea had experience with money laundering, and then expanded to other regions such as Latin America and Africa, and later to Europe and North America.
In total, FireEye reports that APT38 has attempted to steal $1.1 billion and, based on the data it can confirm, has made off with hundreds of millions of dollars. It used malicious software to insert fraudulent transactions into the Society for Worldwide Interbank Financial Telecommunication, or SWIFT, system used to transfer money between banks. Its biggest theft to date is the $81 million stolen from the central bank of Bangladesh in February 2016. The funds were transferred to bank accounts in the Philippines opened under false identities. After the funds were withdrawn, they were reportedly laundered in casinos.
The Washington-based think tank Foundation for the Defense of Democracies said in a report released on Wednesday that North Korea's cyber capabilities are an alternative way for it to challenge its opponents. While Kim's hereditary regime seems to prioritize generating currency, the SWIFT-based attacks raise fears that North Korean hackers "will become more skilled at manipulating the data and systems that underpin the global financial system."
Sandra Joyce, global intelligence officer at FireEye, said that while APT38 is a criminal operation, it draws on the skills and technology of a state-sponsored espionage campaign, allowing it to infiltrate several banks at once and work out how to extract funds. On average, the group spends 155 days inside a bank's computer network becoming familiar with its systems before attempting to steal anything. And when it strikes, it uses aggressive malware to wreak havoc and cover its tracks.
"We see this as a constant effort, before, during and after all the diplomatic efforts of the United States and the international community," Joyce said, calling North Korea "undeterred" and calling on the US government to provide financial institutions with more precise information on the threat and on APT38's modus operandi. APT stands for Advanced Persistent Threat.
The Silicon Valley-based company says it is aware of suspected APT38 operations against other banks. The most recent attack it has publicly attributed to APT38 took place last May against Chile's largest commercial bank, Banco de Chile. The bank said a hacking operation had stolen $10 million.
FireEye, which employs a roster of former military and law enforcement cyber experts, analyzed malicious software as part of the criminal indictment brought by the Justice Department last month against Park Jin Hyok, the first time a North Korean hacker has faced charges. He is accused of conspiring in several devastating cyberattacks: the Bangladesh heist and other attempts to steal more than a billion dollars from financial institutions worldwide; the 2014 attack on Sony Pictures Entertainment; and the WannaCry ransomware virus that infected computers in 150 countries in 2017.