N.Korean Hackers Are Working With European Criminals

Uploaded on 2020-01-07 in INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW, INTELLIGENCE-Hot Spots-Iran, TECHNOLOGY--Hackers

North Korean state-backed hackers appear to be cooperating with Eastern European cybercriminals according the experts at Sentinel Labs, the newly created threat intelligence divison of SentinelOne. Their finding  suggests digital gangsters and state-backed spies are finding ways to work together online. 

Lazarus Group (also known as “Lazarus,” “Hidden Cobra,” and “Kimsuky”) is an advanced persistent threat (APT) group comprised of operators from “Bureau 121”, the cyber warfare division of North Korea’s clandestine Reconnaiance General Bureau (RGB0 intelligence unit. 

The group has been active since at least 2009 and isthought to operate fromf a multitude of international locations. The 
 Sentinel Labs researcers say that the Lazarus Group, which American prosecutors accuse of organising the leak of emails from Sony Pictures and stealing millions of dollars from the Central Bank of Bangladesh, is getting access to some of its victims through a cybercrime gang dubbed “TrickBot.” 

Lazarus appears to have been interested in a variety of sectors and targets in the last eighteen months, including crypto-currency exchanges, financial institutions, non-governmental organisations, and South Korean individuals. Many North Korea cyber operators are likely not only self-funded but also tasked with earning income for the North Korean regime; Lazarus Group has likely targeted banks crypto-currency exchanges and users to achieve this goal. “For me it’s the biggest crimeware story since I don’t-know-when,” said Vitali Kremez of SentinelOne. “The Lazarus group has a relationship with the most sophisticated, most resourceful Russian botnet operation on the landscape.” 

Clues that Lazarus and TrickBot operators are cooperating have surfaced before when in  April last year BAE researchers developed the theory that the cybercriminals were selling access to compromised organisations to Lazarus.

Subsequentky, the cybersecurity arm of Japanese telecommunications company NTT speculated here that North Korea might be collaborating with Lazarus and TrickBot's operators. Kremez said he found evidence. TrickBot communicated with a Lazarus-controlled server just a couple of hours before that same server was used to help break into the Chilean inter-bank network earlier this year, he said. American officials have also blamed the multi-million dollar heist on North Korea. “That’s the strongest possible evidence linking to a celebrated case of Lazarus intrusion,” said Kremez who also that he thinks the TrickBot operators were likely renting out its services to the North Koreans, or perhaps working on a commission basis. 

Kremez is supported by the experts at Cybereason, which has published a separate report on Trickbot's operations and are reported to be certain that the cybercriminals knew that they were dealing with the North Korean government. 

Sentinel One:            Reuters:         Cybereason

You Might Also Read:

N. Korea’s Hackers Stole $2b To Fund Its Missile Program:

 

 

 

« Warning: Smart TVs Are The IoT Gateway Into Your Home
Cyber Spying For A Future War »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Optimum Insurance

Optimum Insurance

Optimum's Cyber Risk & Data Protection Insurance policies are designed to protect against cyber exposures that arise when a company’s data and customer information is breached or stolen.

VNCERT

VNCERT

VNCERT is the national Computer Emergency Response Team for Vietnam.

Cyber 2.0

Cyber 2.0

Cyber 2.0 is the only system in the world that blocks all forms of cyber attack within the organization, including new and unfamiliar attack methods.

Bolton Labs

Bolton Labs

Bolton Labs is a leading provider cybersecurity services, tools, and analysis for MSPs and organizations who want to scale their security offerings.

CLDigital

CLDigital

CLDigital's no-code risk and resilience platform, CL360, provides leaders with risk and resilience data to make strategic and tactical continuity decisions.

Axcient

Axcient

Axcient offers MSPs the most secure backup and disaster recovery technology stack with a proven Business Availability suite.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Beyond Identity

Beyond Identity

Beyond Identity employs an elegantly simple concept, the personal certificate authority and self signed certificates, to replace passwords.

689cloud

689cloud

689Cloud is a cloud content collaboration platform that allows users to protect, track, and control files AFTER they have been shared.

SpeQtral

SpeQtral

SpeQtral offers commercial space-based Quantum Key Distribution (QKD) founded on technology developed at the National University of Singapore.

Prancer

Prancer

Prancer is the industry's first cloud-native, self-service SAAS platform for automated security validation and penetration testing in the cloud.

ACL Digital

ACL Digital

ACL Digital, an ALTEN Group company, is a leader in design-led digital experience, innovation, enterprise modernization, and product engineering services converging to Technology, Media & Telecom.

GoPro Consultants

GoPro Consultants

GoPro Consultants is an IT Consultancy and IT Managed services provider Globally with immeasurable expertise of IT professionals in Hardware/Support & Consultancy and Project Planning.

Intel Ignite

Intel Ignite

Intel Ignite is an internationally renowned acceleration program for early-stage deep tech startups.

Multipoint Group

Multipoint Group

Multipoint is an information security and protection solutions company operating in the South EMEA region through value-added distribution channels.

Badge

Badge

Badge authenticates you on-demand for every application, on any device, without storing any secrets.