North Korean Hackers Have Stolen $2billion

North Korea has stolen $2 billion by launching cyber attacks on financial organisations and crypto-currency exchanges and  the money has been used to buy military equipment. 

United Nations experts say North Korea used cyberspace to launch increasingly sophisticated attacks to steal funds from financial institutions and cryptocurrency exchanges to generate income. They also used cyber-space to launder the stolen money. According to a report submitted to the UN Security Council committee, the widespread and “increasingly sophisticated” attacks saw North Korean hackers stealing funds and attempting to launder the stolen money. 

The leaked UN Report, said the DPRK hackers target the financial institutions and crypto exchanges across 17 countries.
The report also cites two 2018 bank attacks that, like the Bangladesh Bank incident, tapped into the Swift messaging system: a $10 million theft from Banco de Chile and a $13.5 million ATM cash-out hit on Cosmos Bank in India. "Democratic People's Republic of Korea (DPRK) cyber actors, many operating under the direction of the Reconnaissance General Bureau, raise money for its WMD (weapons of mass destruction) programs, with total proceeds to date estimated at up to $2 billion," the report said. 

Crypto-currencies were targeted by hackers because they are less easy to trace. According to the leaked UN report, the attacks on crypto-currency exchanges allowed North Korea “to generate income in ways that are harder to trace and subject to less government oversight and regulation than the traditional banking sector.” 

The news North Korea is using cyberspace to steal cryptocurrencies and mine bitcoin isn’t new. In March, a UK report said North Korean hackers had stolen around $571 million across at least five cryptocurrency exchanges in Asia between January 2017 and September 2018. 

The leaked UN report shows just how developed the nation’s capabilities are becoming, says Philip Ingram, a former colonel in British military intelligence. “The worrying thing is: If they can do this, they are just as capable of stealing intellectual property (IP), enabling them to maintain their scientific and engineering development.”

Additionally, Ingram says, it raisesquestions about who the country is buying its weapons from. “Who are the countries ignoring international sanctions and supplying advance engineering capability and weapons or weapons parts to North Korea? They don't need the money for internal use.”

A spokesman for international insurance firm AMTrust Europe says the move shows the regime “looking at cyber to level the playing field”. However, they don't see North Korea as a big threat when compared with the combined power and funding of the big 5Eyes Australia, Canada, New Zealand, the UK and the US. 

North Korea's state-sponsored hacking crews are breaking into online stores to insert malicious code that can steal buyers' payment card details as they visit the checkout page and fill in payment forms.Attacks on online stores have been going on since May 2019, according to the  Dutch cybersecurity firm SanSec.

The fact that North Korean hackers have been involved in web skimming incidents is not a surprise to industry experts, as they have consistently gravitated towards any type of cybercrime that can generate a profit.

The US government also has said it wants to seize 113 crypto-currency accounts associated with North Korean money laundering, a high-tech cat-and-mouse-style conflict in which money launderers have turned to elaborate automated schemes to conceal their cryptocurrency transactions and frustrate law enforcement.

Forbes:       FinExtra:        ZDNet:       MITechnolgy Review:

You Might Also Read: 

N.Korean Hackers Are Working With European Criminals:

 

 

« Russian Hackers At Work Stealing Coronavirus Vaccine Data
Google Doubles Down On India »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ON-DEMAND WEBINAR: How to improve your security posture with a web application firewall (WAF)

ON-DEMAND WEBINAR: How to improve your security posture with a web application firewall (WAF)

Watch this webinar to discover how a WAF goes beyond a standard firewall and helps you meet security industry compliance.

a1qa

a1qa

a1qa specializes in the delivery of full-cycle software QA and application testing services.

BaseN

BaseN

BaseN is a full stack IoT Operator. We control the full value chain in order to provide ultimate scalability, fault tolerance and security to our customers.

SISA

SISA

SISA is a payment security specialist providing payment security assurance services, training and products to over 1,000 customers across the globe.

Bangladesh Association of Software & Information Services (BASIS)

Bangladesh Association of Software & Information Services (BASIS)

BASIS is the national trade body for Software & IT Enabled Service industry of Bangladesh.

Rule4

Rule4

Rule4 is a global professional services firm that provides practical, real-world knowledge and solutions in areas including cybersecurity, AI, Machine Learning and industrial control systems.

Sierra Ventures

Sierra Ventures

Sierra Ventures is an early-stage venture firm investing globally with a focus on Next Generation Enterprise and Emerging Technologies.

PizzlySoft

PizzlySoft

PizzlySoft is a global company that is seeking convergence of network and security / software and hardware. We put our value on creating the best security.

SecureWorx

SecureWorx

SecureWorx are a secure multi-cloud MSP, a provider of advanced IT security services and an independent cyber security advisory.

Quintillion Consulting

Quintillion Consulting

Quintillion Consulting is a strategic risk based consulting firm. We help companies safeguard the core business and IT capabilities that deliver competitive advantage.

Motiv ICT Security

Motiv ICT Security

Motiv is the ICT security specialist that provides public and private sector organisations with IT security solutions and services to prevent cybercrime, data theft and data breaches.

Stone Forest IT (SFIT)

Stone Forest IT (SFIT)

Stone Forest IT specialises in providing advisory, implementation and managed services for IT infrastructure, IT security solutions, business applications (ERP and CRM) and business analytical tools.

BriskInfosec Technology & Consulting

BriskInfosec Technology & Consulting

BriskInfosec provides information security services, products and compliance solutions to our customers.

StrataCore

StrataCore

StrataCore is a single-source technology lifecycle advocate that works behind IT teams as a strategic partner to help them achieve peak enterprise outcomes.

Diligent

Diligent

Diligent's SaaS GRC platform gives leaders a connected view of governance, risk, compliance and ESG across their organization.

Sify Technologies

Sify Technologies

Sify is the largest ICT service provider, systems integrator, and all-in-one network solutions company on the Indian subcontinent.

RubinBrown

RubinBrown

RubinBrown LLP is a leading accounting and professional consulting firm. The RubinBrown name and reputation are synonymous with experience, integrity and value.