N Korean Hackers Are Targeting India

Uploaded on 2019-11-25 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial, BUSINESS-Production-Energy

North Korean cyber hacker operators have apparently recently been busy and US Cyber Command has posted seven DPRK-linked malware samples to VirusTotal,  a free service that analyzes files and URLs for viruses, worms, trojans and other kinds of malicious content. 

CyberCommand says the samples are "currently used for fund generation and malicious cyber activities including remote access, beaconing, and malware command." 

The motives for other suspected North Korean attacks are still being debated.  

The Asia Times points to more evidence that North Korea was behind a malware attack on India's Kudankulam Nuclear Power Plant (KKNPP), citing an analysis by a researcher at Issue Makers Lab which found that North Korean hackers, traditionally associated with financially motivated hacking, "have now been tasked with either disrupting atomic plants or stealing atomic technologies." 

This analysis shows that the North Korean hackers have now been tasked with either disrupting atomic plants or stealing atomic technologies, as India is not only a nuclear power operator, but also a nuclear-armed state. This is a major upgrade of North Korea’s cyberattack capabilities, which used to be deployed against civilian targets.

The researcher also concluded that the malware entered the plant's IT networks after someone connected to KKNPP's domain clicked on a malware-laden phishing link. 

What the Lazarus Group was after, assuming the attribution that’s being widely circulated in the press holds up, remains obscure, but Indian government sources told Asia Times that the attackers were trying to glean information about the plant's nuclear fuel yields, which could have helped them better understand India's military nuclear capabilities. 

The Indian Space Research Organisation, was also warned of a DTrack infestation, believed to be of North Korean origin. The warning arrived during the space agency's Chandrayaan-2 lunar mission which failed when controllers lost contact with the spacecraft during its September 6th landing attempt. 

The motive for the attack is unclear, as is the effect, if any, it might have had on the flight. ISRO has been relatively tight-lipped about the cause of the lander’s failure. It is, we should note, the landing that failed; other aspects of the mission did not. Chandrayaan’s lunar orbiter is up and working, sending data back to ISRO’s ground station.

The group to which these various operations is being attributed is, of course, Hidden Cobra, also known as the Lazarus Group.

North Korea is also alleged to have been behind several prominent cyberattacks and crimes globally. These include hacks into South Korean banks and government agencies, and a high-profile 2014 attack on Sony Pictures, which had produced a satirical comedy featuring Kim Jong Un.

Pyongyang was also accused of cyber theft, breaking into a Bangladesh bank in 2016 and stealing crypto-currencies, likely in efforts to generate scarce income for the State. In 2018, the US Justice and Treasury Departments pinpointed a North Korean hacker, Park Jin-hyok, by name, accusing him of masterminding the Sony and Bangladesh bank attacks. The 2018 US Department of Justice indictment names Park and Lazarus, alleging that they are affiliated with the unit Cell 101.

Between the details of the computer that was used to attack the Indian nuclear power plant, the details in the malware code and the DTrack virus, Choi and other researchers are now confident that the North Koreans were behind this elaborate operation.

CyberWire:          CyberScoop:        Asia Times:  

You Might Also Read:


United Nations  Investigating N Korean Cyber Attacks:

 

 

« Iran Shuts Down The Internet
Regulatory Plans For Artificial Intelligence & Algorithms »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Protective Intelligence

Protective Intelligence

Protective Intelligence brings together a group of information security specialists with a passion for delivering high-quality solutions.

National Cyber Security Centre (NKSC) - Lithuania

National Cyber Security Centre (NKSC) - Lithuania

NKSC is the main Lithuanian cyber security institution, responsible for unified management of cyber incidents, monitoring and control of the implementation of cyber security requirements.

CybelAngel

CybelAngel

CybelAngel is a leading digital risk protection platform that detects and resolves external threats before these wreak havoc.

Korea Internet & Security Agency (KISA)

Korea Internet & Security Agency (KISA)

KISA is committed to improving the competitiveness, reliability and security of Internet information and knowledge in Korea.

Baffle

Baffle

Baffle is pioneering a solution that makes data breaches irrelevant by keeping data encrypted from production through processing.

PT Netmarks Indonesia

PT Netmarks Indonesia

PT Netmarks Indonesia is an IT solutions provider offering services related to ICT infrastructure, digital transformation and cyber security.

Communications Authority of Kenya

Communications Authority of Kenya

The Authority is responsible for facilitating the development of the information and communications sectors including; broadcasting, telecommunications, electronic commerce and cybersecurity.

Redborder

Redborder

Redborder is an Open Source network visibility, data analytics, and cybersecurity Big Data solution that is scalable up to the needs of enterprise networks and service providers.

Attack Research

Attack Research

We go far beyond standard tools and scripted tests. Find out if your network or technology can stand real-world and dedicated attackers.

US Venture Partners (USVP)

US Venture Partners (USVP)

USVP is a leading Silicon Valley venture capital firm focusing on early-stage start-ups that transform cybersecurity, enterprise software, consumer mobile and e-commerce, and healthcare.

BullGuard

BullGuard

BullGuard is an award-winning cybersecurity company focused on providing the consumer and small business markets with the confidence to use the internet in absolute safety.

SyferLock Technology Corp.

SyferLock Technology Corp.

SyferLock is an innovative provider of next-generation authentication and security solutions.

Unit21

Unit21

Unit21 helps protect businesses against adversaries through a simple API and dashboard for detecting and managing money laundering, fraud, and other sophisticated risks across multiple industries.

Nextgen Group

Nextgen Group

Nextgen Group is a pioneering technology services group with innovative and unique services across enterprise software, cloud, data management, and cybersecurity solutions.

Global Market Innovators (GMI)

Global Market Innovators (GMI)

Global Market Innovators (GMI) delivers secure technology solutions to organizations in need.

Corsearch

Corsearch

Combining AI-powered technology and decades of industry expertise, Corsearch is revolutionizing how companies establish and protect their brands.