N Korean Hackers Are Targeting India

North Korean hackers have apparently been busy recently, and US Cyber Command has posted seven DPRK-linked malware samples to VirusTotal, a free service that analyzes files and URLs for viruses, worms, trojans and other kinds of malicious content.

Cyber Command says the samples are "currently used for fund generation and malicious cyber activities including remote access, beaconing, and malware command."

The motives for other suspected North Korean attacks are still being debated.  

The Asia Times points to more evidence that North Korea was behind a malware attack on India's Kudankulam Nuclear Power Plant (KKNPP), citing an analysis by a researcher at Issue Makers Lab which found that North Korean hackers, traditionally associated with financially motivated hacking, "have now been tasked with either disrupting atomic plants or stealing atomic technologies." 

This analysis shows that the North Korean hackers have now been tasked with either disrupting atomic plants or stealing atomic technologies, as India is not only a nuclear power operator, but also a nuclear-armed state. This is a major upgrade of North Korea’s cyberattack capabilities, which used to be deployed against civilian targets.

The researcher also concluded that the malware entered the plant's IT networks after someone connected to KKNPP's domain clicked on a malware-laden phishing link. 

What the Lazarus Group was after, assuming the attribution that’s being widely circulated in the press holds up, remains obscure, but Indian government sources told Asia Times that the attackers were trying to glean information about the plant's nuclear fuel yields, which could have helped them better understand India's military nuclear capabilities. 

The Indian Space Research Organisation was also warned of a DTrack infestation, believed to be of North Korean origin. The warning arrived during the space agency's Chandrayaan-2 lunar mission, which failed when controllers lost contact with the spacecraft during its September 6th landing attempt.

The motive for the attack is unclear, as is the effect, if any, it might have had on the flight. ISRO has been relatively tight-lipped about the cause of the lander’s failure. It is, we should note, the landing that failed; other aspects of the mission did not. Chandrayaan’s lunar orbiter is up and working, sending data back to ISRO’s ground station.

The group to which these various operations are being attributed is, of course, Hidden Cobra, also known as the Lazarus Group.

North Korea is also alleged to have been behind several prominent cyberattacks and crimes globally. These include hacks into South Korean banks and government agencies, and a high-profile 2014 attack on Sony Pictures, which had produced a satirical comedy featuring Kim Jong Un.

Pyongyang was also accused of cyber theft, breaking into a Bangladesh bank in 2016 and stealing crypto-currencies, likely in efforts to generate scarce income for the State. In 2018, the US Justice and Treasury Departments pinpointed a North Korean hacker, Park Jin-hyok, by name, accusing him of masterminding the Sony and Bangladesh bank attacks. The 2018 US Department of Justice indictment names Park and Lazarus, alleging that they are affiliated with the unit Cell 101.

Between the details of the computer that was used to attack the Indian nuclear power plant, the details in the malware code and the DTrack virus, Choi and other researchers are now confident that the North Koreans were behind this elaborate operation.

Sources: CyberWire, CyberScoop, Asia Times
