N Korean Hackers Are Targeting India

Uploaded on 2019-11-25 in TECHNOLOGY-Hackers, FREE TO VIEW, BUSINESS-Services-Financial, BUSINESS-Production-Energy

North Korean cyber hacker operators have apparently recently been busy and US Cyber Command has posted seven DPRK-linked malware samples to VirusTotal,  a free service that analyzes files and URLs for viruses, worms, trojans and other kinds of malicious content. 

CyberCommand says the samples are "currently used for fund generation and malicious cyber activities including remote access, beaconing, and malware command." 

The motives for other suspected North Korean attacks are still being debated.  

The Asia Times points to more evidence that North Korea was behind a malware attack on India's Kudankulam Nuclear Power Plant (KKNPP), citing an analysis by a researcher at Issue Makers Lab which found that North Korean hackers, traditionally associated with financially motivated hacking, "have now been tasked with either disrupting atomic plants or stealing atomic technologies." 

This analysis shows that the North Korean hackers have now been tasked with either disrupting atomic plants or stealing atomic technologies, as India is not only a nuclear power operator, but also a nuclear-armed state. This is a major upgrade of North Korea’s cyberattack capabilities, which used to be deployed against civilian targets.

The researcher also concluded that the malware entered the plant's IT networks after someone connected to KKNPP's domain clicked on a malware-laden phishing link. 

What the Lazarus Group was after, assuming the attribution that’s being widely circulated in the press holds up, remains obscure, but Indian government sources told Asia Times that the attackers were trying to glean information about the plant's nuclear fuel yields, which could have helped them better understand India's military nuclear capabilities. 

The Indian Space Research Organisation, was also warned of a DTrack infestation, believed to be of North Korean origin. The warning arrived during the space agency's Chandrayaan-2 lunar mission which failed when controllers lost contact with the spacecraft during its September 6th landing attempt. 

The motive for the attack is unclear, as is the effect, if any, it might have had on the flight. ISRO has been relatively tight-lipped about the cause of the lander’s failure. It is, we should note, the landing that failed; other aspects of the mission did not. Chandrayaan’s lunar orbiter is up and working, sending data back to ISRO’s ground station.

The group to which these various operations is being attributed is, of course, Hidden Cobra, also known as the Lazarus Group.

North Korea is also alleged to have been behind several prominent cyberattacks and crimes globally. These include hacks into South Korean banks and government agencies, and a high-profile 2014 attack on Sony Pictures, which had produced a satirical comedy featuring Kim Jong Un.

Pyongyang was also accused of cyber theft, breaking into a Bangladesh bank in 2016 and stealing crypto-currencies, likely in efforts to generate scarce income for the State. In 2018, the US Justice and Treasury Departments pinpointed a North Korean hacker, Park Jin-hyok, by name, accusing him of masterminding the Sony and Bangladesh bank attacks. The 2018 US Department of Justice indictment names Park and Lazarus, alleging that they are affiliated with the unit Cell 101.

Between the details of the computer that was used to attack the Indian nuclear power plant, the details in the malware code and the DTrack virus, Choi and other researchers are now confident that the North Koreans were behind this elaborate operation.

CyberWire:          CyberScoop:        Asia Times:  

You Might Also Read:


United Nations  Investigating N Korean Cyber Attacks:

 

 

« Iran Shuts Down The Internet
Regulatory Plans For Artificial Intelligence & Algorithms »

Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

eBook: Practical Guide to Security in the AWS Cloud

eBook: Practical Guide to Security in the AWS Cloud

AWS Marketplace would like to present you with a digital copy of the new book, Practical Guide to Security in the AWS Cloud, by the SANS Institute.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

I-Tracing

I-Tracing

I-TRACING are experts in IT security, specialized in legal compliance of information systems, security of information systems, and the collection of digital evidence and traces.

Zivver

Zivver

Zivver provide pioneering software that prevents data leaks when sending an e-mail, chat message or sharing a file.

First National Technology Solutions (FNTS)

First National Technology Solutions (FNTS)

First National Technology Solutions is a leading provider of flexible, customized hosted and remote managed services including IT security and compliance.

Baker Hughes (BHGE)

Baker Hughes (BHGE)

Baker Hughes strives to support customers’ efforts to secure energy operations, and we embrace industry efforts toward achieving cyber security excellence.

Pareteum

Pareteum

Pareteum is a leading Global provider of mobile networking software and services. Our mission is to provide a single solution to the problem of fully enabling and securing the Mobile Cloud.

Greenwave Systems

Greenwave Systems

Greenwave's AXON Platform enables IoT and M2M network service providers to address security, interoperability, flexibility and scalability from a single IoT platform.

NDK InfoSec

NDK InfoSec

NDK InfoSec is a specialist Information Security and Cyber Security search firm. We're not just a security function in a larger generalist recruitment company.

CyberSec&AI Connected

CyberSec&AI Connected

CyberSec&AI Connected is a virtual conference linking you to the global AI, machine learning, and cybersecurity communities — facilitating the exchange of ideas, information, and insight.

Pelion

Pelion

Pelion Connected Device Services are the easiest way to securely connect and manage your devices, allowing you to focus on forging your future.