North Korean Hackers Have Stolen $2billion

North Korea has stolen $2 billion by launching cyber attacks on financial organisations and crypto-currency exchanges and  the money has been used to buy military equipment. 

United Nations experts say North Korea used cyberspace to launch increasingly sophisticated attacks to steal funds from financial institutions and cryptocurrency exchanges to generate income. They also used cyber-space to launder the stolen money. According to a report submitted to the UN Security Council committee, the widespread and “increasingly sophisticated” attacks saw North Korean hackers stealing funds and attempting to launder the stolen money. 

The leaked UN Report, said the DPRK hackers target the financial institutions and crypto exchanges across 17 countries.
The report also cites two 2018 bank attacks that, like the Bangladesh Bank incident, tapped into the Swift messaging system: a $10 million theft from Banco de Chile and a $13.5 million ATM cash-out hit on Cosmos Bank in India. "Democratic People's Republic of Korea (DPRK) cyber actors, many operating under the direction of the Reconnaissance General Bureau, raise money for its WMD (weapons of mass destruction) programs, with total proceeds to date estimated at up to $2 billion," the report said. 

Crypto-currencies were targeted by hackers because they are less easy to trace. According to the leaked UN report, the attacks on crypto-currency exchanges allowed North Korea “to generate income in ways that are harder to trace and subject to less government oversight and regulation than the traditional banking sector.” 

The news North Korea is using cyberspace to steal cryptocurrencies and mine bitcoin isn’t new. In March, a UK report said North Korean hackers had stolen around $571 million across at least five cryptocurrency exchanges in Asia between January 2017 and September 2018. 

The leaked UN report shows just how developed the nation’s capabilities are becoming, says Philip Ingram, a former colonel in British military intelligence. “The worrying thing is: If they can do this, they are just as capable of stealing intellectual property (IP), enabling them to maintain their scientific and engineering development.”

Additionally, Ingram says, it raisesquestions about who the country is buying its weapons from. “Who are the countries ignoring international sanctions and supplying advance engineering capability and weapons or weapons parts to North Korea? They don't need the money for internal use.”

A spokesman for international insurance firm AMTrust Europe says the move shows the regime “looking at cyber to level the playing field”. However, they don't see North Korea as a big threat when compared with the combined power and funding of the big 5Eyes Australia, Canada, New Zealand, the UK and the US. 

North Korea's state-sponsored hacking crews are breaking into online stores to insert malicious code that can steal buyers' payment card details as they visit the checkout page and fill in payment forms.Attacks on online stores have been going on since May 2019, according to the  Dutch cybersecurity firm SanSec.

The fact that North Korean hackers have been involved in web skimming incidents is not a surprise to industry experts, as they have consistently gravitated towards any type of cybercrime that can generate a profit.

The US government also has said it wants to seize 113 crypto-currency accounts associated with North Korean money laundering, a high-tech cat-and-mouse-style conflict in which money launderers have turned to elaborate automated schemes to conceal their cryptocurrency transactions and frustrate law enforcement.

Forbes:       FinExtra:        ZDNet:       MITechnolgy Review:

You Might Also Read: 

N.Korean Hackers Are Working With European Criminals:

 

 

« Russian Hackers At Work Stealing Coronavirus Vaccine Data
Google Doubles Down On India »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ON-DEMAND WEBINAR: How to build and implement an effective endpoint detection and response strategy

ON-DEMAND WEBINAR: How to build and implement an effective endpoint detection and response strategy

Discover how you can implement endpoint detection and response (EDR) tools into your security strategy.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Varonis

Varonis

Varonis provide a security software platform to let organizations track, visualize, analyze and protect their unstructured data.

Lookout

Lookout

Lookout takes a mobile-first approach to security and protects mobility for some of the world's largest enterprises, critical government agencies, and millions of individuals worldwide.

TraceSecurity

TraceSecurity

TraceSecurity, a leading pioneer in cloud-based security solutions, provides IT governance, risk and compliance (GRC) management solutions.

Rafael

Rafael

Rafael has more than 15 years of proven experience in the cyber arena providing solutions for national security as well as commercial applications.

Secure Decisions

Secure Decisions

Secure Decisions focus on research and product development related to national security including information assurance, computer network defense, cyber security education, and application security.

Future of Cyber Security Europe

Future of Cyber Security Europe

Future of Cyber Security Europe is a European wide event examining the latest cyber security strategies and technologies.

Trapmine

Trapmine

TRAPMINE is an innovative cybersecurity products company mainly focusing on protecting organizations from Advanced Persistent Threat & Zero-Day attacks.

Blueskytec (BST)

Blueskytec (BST)

BST provide accredited, patent-pending commercial cyber security hardware and software to protect your cyber physical systems from attack.

Stratus Cyber

Stratus Cyber

Stratus Cyber is a premier Cyber Security company specializing in Managed Security Services. Our services include Blockchain Security, Pentesting, and Compliance Assessments.

Estio Training

Estio Training

Estio Training is a specialist digital and IT apprenticeships provider, dedicated to introducing new skills and developing existing talent in businesses across the UK.

DDLS

DDLS

DDLS is Australia's largest provider of corporate IT, process training and cybersecurity training courses and certification programs.

NOW Insurance

NOW Insurance

NOW Insurance provides small business owners and other professional classes with a seamless purchasing experience for general liability, professional liability, and cybersecurity insurance coverage.

Acmetek Global Solutions

Acmetek Global Solutions

Acmetek is a Global Distributor and a Trusted Advisor of PKI /IOT & SSL Security Products and a Managed Services Company.

Pristine InfoSolutions

Pristine InfoSolutions

Pristine InfoSolutions is a global IT services and Information Security Company focused on delivering smart, next-generation business solutions.

FourNet

FourNet

FourNet is an award-winning provider of cloud and managed services; we work closely with our clients to enable digital transformation across their organisation.

PROVINTELL Cyber Security

PROVINTELL Cyber Security

PROVINTELL is a Managed Security Service Provider (MSSP) specialising in Next-Gen Cyber Defense and Response to detect and respond to threats.