N Korean Hackers Are Targeting India

Uploaded on 2019-11-25 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial, BUSINESS-Production-Energy

North Korean cyber hacker operators have apparently recently been busy and US Cyber Command has posted seven DPRK-linked malware samples to VirusTotal,  a free service that analyzes files and URLs for viruses, worms, trojans and other kinds of malicious content. 

CyberCommand says the samples are "currently used for fund generation and malicious cyber activities including remote access, beaconing, and malware command." 

The motives for other suspected North Korean attacks are still being debated.  

The Asia Times points to more evidence that North Korea was behind a malware attack on India's Kudankulam Nuclear Power Plant (KKNPP), citing an analysis by a researcher at Issue Makers Lab which found that North Korean hackers, traditionally associated with financially motivated hacking, "have now been tasked with either disrupting atomic plants or stealing atomic technologies." 

This analysis shows that the North Korean hackers have now been tasked with either disrupting atomic plants or stealing atomic technologies, as India is not only a nuclear power operator, but also a nuclear-armed state. This is a major upgrade of North Korea’s cyberattack capabilities, which used to be deployed against civilian targets.

The researcher also concluded that the malware entered the plant's IT networks after someone connected to KKNPP's domain clicked on a malware-laden phishing link. 

What the Lazarus Group was after, assuming the attribution that’s being widely circulated in the press holds up, remains obscure, but Indian government sources told Asia Times that the attackers were trying to glean information about the plant's nuclear fuel yields, which could have helped them better understand India's military nuclear capabilities. 

The Indian Space Research Organisation, was also warned of a DTrack infestation, believed to be of North Korean origin. The warning arrived during the space agency's Chandrayaan-2 lunar mission which failed when controllers lost contact with the spacecraft during its September 6th landing attempt. 

The motive for the attack is unclear, as is the effect, if any, it might have had on the flight. ISRO has been relatively tight-lipped about the cause of the lander’s failure. It is, we should note, the landing that failed; other aspects of the mission did not. Chandrayaan’s lunar orbiter is up and working, sending data back to ISRO’s ground station.

The group to which these various operations is being attributed is, of course, Hidden Cobra, also known as the Lazarus Group.

North Korea is also alleged to have been behind several prominent cyberattacks and crimes globally. These include hacks into South Korean banks and government agencies, and a high-profile 2014 attack on Sony Pictures, which had produced a satirical comedy featuring Kim Jong Un.

Pyongyang was also accused of cyber theft, breaking into a Bangladesh bank in 2016 and stealing crypto-currencies, likely in efforts to generate scarce income for the State. In 2018, the US Justice and Treasury Departments pinpointed a North Korean hacker, Park Jin-hyok, by name, accusing him of masterminding the Sony and Bangladesh bank attacks. The 2018 US Department of Justice indictment names Park and Lazarus, alleging that they are affiliated with the unit Cell 101.

Between the details of the computer that was used to attack the Indian nuclear power plant, the details in the malware code and the DTrack virus, Choi and other researchers are now confident that the North Koreans were behind this elaborate operation.

CyberWire:          CyberScoop:        Asia Times:  

You Might Also Read:


United Nations  Investigating N Korean Cyber Attacks:

 

 

« Iran Shuts Down The Internet
Regulatory Plans For Artificial Intelligence & Algorithms »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

IT GRC Forum

IT GRC Forum

The IT GRC Forum is an online resource and networking platform for the Governance, Risk Management, and Compliance (GRC) community

CANVAS Consortium

CANVAS Consortium

The CANVAS Consortium aims to unify technology developers with legal and ethical scholar and social scientists to approach the challenges of cybersecurity.

7Safe

7Safe

7Safe has been delivering hands-on digital security training courses since 2001 and offer e a portfolio of university and industry-accredited courses.

SEC Consult

SEC Consult

SEC Consult is a leading European consultancy for application security services and information security.

Cognni

Cognni

Cognni (formerly Shieldox) will make your InfoSec think like a human, right out of the box, so you can focus on the bigger picture, keeping the information flow safe.

BrainChip

BrainChip

BrainChip is the leading provider of neuromorphic computing solutions, a type of artificial intelligence that is inspired by the biology of the human neuron - spiking neural networks.

Hornetsecurity

Hornetsecurity

Meet Hornetsecurity – Leading Cloud Email Security Provider. We protect global organizations so you can focus on what you do best.

Hexnode MDM

Hexnode MDM

Hexnode MDM is an award winning Enterprise Mobility Management vendor which helps businesses to secure and manage BYOD, COPE, apps and content.

Sergeant Laboratories

Sergeant Laboratories

Sergeant Laboratories builds advanced technologies to prove compliance in complex IT security and regulatory compliance situations.

Britive

Britive

The Britive Platform is a cloud-native security solution built for the most demanding cloud-forward enterprises.

Cyber Dacians

Cyber Dacians

Cyber Dacians offers Information and Cyber Security Consulting Services. We help you to test the effectiveness of your security defenses and build a secure infrastructure.

Prescient Solutions

Prescient Solutions

Prescient Solutions is a managed services provider, using a cloud-based model to provide IT solutions to small, mid-sized, global organizations and government entities.

Chugach Government Solutions (CGS)

Chugach Government Solutions (CGS)

CGS performs work for the Federal Government across 4 unique core lines of business, including: Facilities Management and Maintenance, Construction, Technical IT and Cyber Services, and Educational Se

DarkFeed

DarkFeed

DarkFeed is a Threat Intelligence provider that monitors the darknet in real-time, where hackers and Cyber criminals are most active.

US Department of State - Bureau of Cyberspace & Digital Policy

US Department of State - Bureau of Cyberspace & Digital Policy

The Bureau of Cyberspace and Digital Policy leads and coordinates the Department’s work on cyberspace and digital diplomacy to encourage responsible state behavior in cyberspace.

Diversified Search Group - Alta Associates

Diversified Search Group - Alta Associates

Diversified Search Group is an industry leader in recruiting diverse, inclusive and transformational leadership for clients.