North Korea's Cyber Army Has A New Battalion

Uploaded on 2018-03-01 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-North Korea, GOVERNMENT-National, FREE TO VIEW, TECHNOLOGY--Hackers

An increasingly sophisticated North Korean cyber-espionage unit is using its skills to widen spying operations into aerospace and defence industries, a new study has revealed.

FireEye, a US private security company that tracks cyber-attackers around the world, has identified a North Korean group, which it names APT37 (Reaper) and which it says is using malware to infiltrate computer networks. The report suggests the group has been active since 2012, but has now graduated to the level of an advanced persistent threat.

Until now, the group has substantially focused its cyber-espionage efforts on South Korea, but FireEye outlines evidence that it “has expanded its operations in both scope and sophistication”.

“We assess with high confidence that this activity is carried out on behalf of the North Korean government,” the report says.

Background

Recently the North Korean hackers hit the systems of the Israeli energy company to attempt to penetrate the best electronic protection systems, South Korea's newspaper Naver reported. According to the company’s experts, the North Korean cyber actors have real capabilities to damage the infrastructure of the United States, Japan and other countries. 

Last year, experts warned that the North Korean cyber army could be far more dangerous to global security than its nuclear missiles. 

“North Korean cyberattacks and other malicious cyber activities pose a risk to critical infrastructure in countries around the world and to the global economy,” the statement said.

Since 2011, Pyongyang has been scaling up its cyber capacities. The North Korean regime is suspected to be exploiting its cyber weapons for political purposes to intimidate its opponents as well as to steal crypto-currency.


North Korean hackers are involved in major cyber offensives

In 2013, the three largest broadcasting companies and two banking institutions of South Korea suffered a massive attack against their systems. According to Shinhan Bank and Nonghyup Bank representatives, about 32,000 computers were infected while internet banking and ATMs stopped working.

While Pyongyang still denies any involvement, cybersecurity experts pointed to North Korean group Lazarus.

In August 2014, North Korea hacked the UK's Channel 4 TV station to prevent the production of a drama depicting the fictional story of a nuclear scientist kidnapped in the country. However, one of the most advanced attacks was the intrusion into the network of Sony Corporation in September 2014. The malware destroyed 70% of information stored in the company’s computers. According to Jim Lewis, senior fellow at the Center for Strategic and International Studies, the attack turned out to be the worst of its type on a company on US soil.

North Korean hackers raise funds for regime 

International sanctions forced Kim Jong-un to look for alternative and illegal sources of financing. By late 2015, the North Korean hackers shifted their attention to the global financial system, according to researchers at BAE Systems, FireEye and Symantec. 

In 2016, they were about to commit the most astonishing bank robbery in history. The cyber-criminals were close to stealing a billion dollars from the Federal Reserve of New York and only a misprint in the word "foundation" kept them from it. 

North Korean state-backed hackers have been also accused of the WannaCry ransomware attack that affected hundreds of thousands of computers worldwide in 2017. Taking into account large amounts of stolen money, it becomes clear that despite the growing political and economic pressure Pyongyang will be able to stay afloat for long.
 
According to the commander of the US forces in South Korea, General Brooks, the North Korean military forces are currently capable of carrying out the most efficient and well-prepared cyber-attacks in the world. Robert Hannigan, former director of the of Britain'd GCHQ spy agency says that as of June 2017, North Korea had 1,700 state-sponsored hackers and more than 5,000 support staff personnel. 

They all operate under the Main Intelligence Department of North Korean Armed Forces, known as Unit 586. The so-called Bureau 121 is the main unit conducting cyberattacks abroad. The US Department of Homeland Security refers to this structure as Hidden Cobra, while private companies gave the common name Lazarus to all North Korean hackers. But no one exactly knows how many different subdivisions the North Korea's cyber-army has.

Earlier this year, cyber-security firm McAfee reported that hackers have targeted organisations involved in the 2018 Pyeongchang Winter Olympics.  The malicious actors attempted to obtain passwords and sensitive financial data.

Some analysts believe that the ongoing talks between Pyongyang and Seoul are Kim Jong-un ruse aimed to distract attention from the North Korea’s nuclear program and its malicious activities in cyberspace. But even if talks go smoothly, Pyongyang will never give up further development of its cyber weapons.

North Korea’s advanced cyber warfare capabilities could be truly scaring and risk escalating the crisis. As international bodies consider enforcing sanctions, Pyongyang continues its campaign of outright theft. Korean Olympic detente won’t last forever. Next time when Kim Jong-Un feels trapped or insulted his cyber army will be ready to wreak havoc.

Infosecurity Magazine:            Guardian

You Might Also Read: 

N Korea Is A Bigger Cyber Threat Than Russia:

Looming Cyber Threats From Russia & N. Korea:

Poor North Korea Is A Cyber Superpower:


 

 

« Corporate Defence Plan Against Cyberattacks
GDPR Will Fuel Criminal Extortion »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Oodrive

Oodrive

Oodrive is the first trusted European collaborative suite allowing users to collaborate, communicate and streamline business with transparent tools that ensure security.

Granite Partners

Granite Partners

Granite is a cloud service for the development of business risk management, cyber security and privacy and occupational safety and health.

MIT Internet Policy Research Initiative (IPRI)

MIT Internet Policy Research Initiative (IPRI)

IPRI's mission is to work with policy makers and technologists to increase the trustworthiness and effectiveness of interconnected digital systems

IT Association of Slovakia (ITAS)

IT Association of Slovakia (ITAS)

ITAS is a professional association of domestic and foreign companies operating in the field of information and communication technologies

Picus Security

Picus Security

Huge gaps often exists between the "perceived"​ and "actual"​ IT security level of an organization. Picus Security continuously assesses security controls and reveals deficient ones before hackers do.

Global Lifecycle Solutions EMEA (Global EMEA)

Global Lifecycle Solutions EMEA (Global EMEA)

Global EMEA provides full lifecycle services to corporate Clients covering procurement, configuration, support, maintenance and end-of-life asset management.

QuillAudits

QuillAudits

QuillAudits offers advanced Ethereum, EOS, TRON smart contract audit, blockchain protocol security and formal verification to ensure your platform’s integrity.

Wizard Cyber

Wizard Cyber

At Wizard Cyber, we simplify cyber security, delivering an advanced service that protects your high-risk assets from the complex threats that technology alone can miss, 24/7.

Com Olho

Com Olho

Com Olho provides the measurement, analytics, quality assurance, and fraud protection technologies brands need for their business and customers.

Xceptional

Xceptional

Xceptional is a multi-award-winning technology services firm that celebrates the unique strengths of people with autism.

Phriendly Phishing

Phriendly Phishing

Phriendly Phishing offers phishing awareness training programs designed to ward off potential security threats and minimise the impact of cyber attacks.

Cynical Technology

Cynical Technology

Cynical Technology is a Nepalese cybersecurity company with expertise in security consulting, auditing, testing and compliance.

V2X

V2X

V2X delivers IT support, networking, and cybersecurity solutions that ensure optimal mission support and performance.

Blue Bastion

Blue Bastion

Don’t give cybercriminals the chance to find weaknesses in your company’s cyber security system. Defend your institution from all attacks from all directions with Blue Bastion.

Insurica

Insurica

INSURICA is a full-service insurance agency built upon a tradition of integrity, industry leadership, and excellence.

Aspiron Search

Aspiron Search

Aspiron Search is a niche-focused Cybersecurity search firm that works exclusively with venture-backed Cybersecurity firms.