Inside story of North Korea’s multi-faceted illicit cyber activities 

Khabarhub

August 5, 2019

10 MIN READ

Inside story of North Korea’s multi-faceted illicit cyber activities 
  • 23
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
    23
    Shares

KATHMANDU: North Korea seems to be adamant on its stance in carrying out cyber espionage, cyber operation, and conducting ballistic missile tests through illicit means despite being barred from ballistic missile tests under UN resolutions.

This isolated country, as reports suggest, has also been using cyber operations to generate revenue for the government, to acquire foreign technologies related to mass destruction and missiles, as well as mining crypto-currencies on hacked computers.

The North Korean hackers, who have basically targeted American or European businesses, continued their activities and hit over 100 targets in the United States and its ally nations, even as President Donald Trump was meeting with North Korea’s Kim Jong-Un in Hanoi in February this year, according to The New York Times.

Several infamous cyber-attacks by North Korea in the past few years have been linked to the country’s state-sponsored highly-skilled hackers. These operations, as reports suggest, have proven to be ‘exceptionally lucrative’.

Based on their observation in real time, McAfee researchers said they (North Korean hackers) attacked computer networks of over a hundred companies in the US and other countries.

Several infamous cyber-attacks by North Korea in the past few years have been linked to the country’s state-sponsored highly-skilled hackers. These operations, as reports suggest, have proven to be ‘exceptionally lucrative’.

Khabarhub, had in April this year, exposed North Korean’s operation of cyber espionage in Kathmandu. These hackers or agents basically feign jobs as businessmen or traders and run their illicit operations at night.

The hackers are connected with various global cyber-criminal groups for cyber espionage and hacking.

Experts caution that connection between North Korean state and the multifaceted criminal syndicates show that North Korea is not a normal state. They warn that countries, including Nepal should be extremely aware about cyber vulnerabilities since these countries could be vulnerable to North Korean cyber-crime targets.

Meanwhile, such growing cyber-crime efforts aimed at generating hard currency for the regime has multiplied global cyber threat, including developing countries especially in South Asia.

These hackers, meanwhile, continue to unleash distributed denial of service (DDoS) and disk-wiping attacks over the years targeting banks and other services in several countries, including Nepal, Bangladesh, South Korea, and the United States (US), India, Thailand, Poland, the Philippines, Vietnam, Peru, Australia, Nigeria, Japan, Mexico, and Singapore.

If reports are to be considered, these hackers have pulled in more than $650 million in just a few years.

It should be noted that in early 2016, the North Korean regime came close to pocketing US$951 million from a Bangladesh bank (Bangladesh Central Bank) over the global SWIFT financial network.

The figure comes from Simon Choi, who has been leveled as one of the most authoritative sources on North Korean hackers. Choi, a consultant to South Korea’s National Intelligence Service, has spent much of his life chasing the hackers’ digital trail.

According to The Daily Star, Choi said that authorities have only been able to uncover about 30 percent of the North Korean’s total hacking. He says it is just a portion of their activity.

The report says North Korea’s hackers ranks No 1 in the world in terms of hacking. In fact, reports have suggested that the North Korean regime has been emphasizing cybercrime activities and that the country has currently an estimated 3,000 to 6,000 hackers overseas.

It should be noted that in early 2016, the North Korean regime came close to pocketing US$951 million from a Bangladesh bank (Bangladesh Central Bank) over the global SWIFT financial network.

The infamous ‘Lazarus Group’, which is believed to be in several bank attacks, made off with only $81 million from the bank in Bangladesh due to a misspelling. This attack, however, has been billed as one of the most ‘sensational attacks’ by North Korean hackers.

The Lazarus hacker’s group, run by the North Korean army intelligence, funnels billions of money to North Korea after hacking from different countries. South Asia, including Nepal, is becoming the group’s recent target. This group had earlier hacked Rs. 460 million from the Kathmandu-based NIC Asia Bank in 2017.

This is one of the reasons why the adoption of cryptocurrencies has been an advantage for Pyongyang, which has been beleaguered by Western sanctions.

Likewise, in 2018, the North Korean hackers hacked around $13.5 million from India’s Cosmos Bank. Hackers also penetrated the Bank of Chile’s ATM network and made off $10 million.

This group has been blamed for the WannyCry ransomware in 2017 which spread to computers in 150 countries. They work in such a way that the ‘hijacked machines’ route the software that earns digital currency by performing a computationally tough task. The funds then are directed into an account drawn by the hackers.

This is one of the reasons why the adoption of cryptocurrencies has been an advantage for Pyongyang, which has been beleaguered by Western sanctions.

For instance, according to new information concerning Bangladesh’s Dutch Bangla Bank theft, nine ATMs of the bank had fallen prey to hackers, mostly Ukrainian nationals believed to be members of “Hidden Cobra” — a North Korean hacker group, which has links to the “Lazarus Group” that was involved in the heist of the Bangladesh Bank in 2016.

On May 31 and June 1 this year, around Tk 16 lakh was siphoned off from nine of the bank’s ATMs in different areas in Dhaka, the country’s capital.

This time, the hackers are said to have used a new method, which Bangladesh police said, were not seen before. Earlier, the hackers used to use cloned cards.

They used a card which when inserted in the ATM, severed ATM’s connection with the bank’s server making them easier to take out the money. This new method ‘Tyupkin’ left no record of the transaction in the server.

Kim Jong Un using a computer. Photo: KCNA

Tyupkin, which was discovered in 2014, disables all the network connections when the machine gets infected with it.

How North Korea launches successful cyber-attacks? 

Questions might arise: How such an impoverished country having a primitive digital infrastructure and faces constant power outages, launch attacks from its home soil?

As ‘Medium’ cites Kim Heung-Kwang, a 58-year-old computer scientist in Seoul, as saying that several North Korean hackers live abroad, including China, where internet speed is faster.

Several clues left by these hackers have suggested that they operate their illicit activities and operation from India, Nepal, Malaysia, Indonesia, and even from Mozambique.

A firm, Recorded Future, which monitors cyber threats worldwide, has claimed that North Korean hackers observe Amazon and other sites. They are also found to be using iPhones and iPads. Interestingly, North Korea’s leader Kim Jong-un has also been spotted using Apple computers.

These hackers, who have basically targeted American or European businesses, continued their activities even as President Donald Trump was meeting with North Korea’s Kim Jong-un in Hanoi in February this year. According to researchers at McAfee, a cyber-security company, they endeavored to hack banks and utilities.

North Korea’s greatest hacks

North Korean hackers sneaked into the digital infrastructure of Sony Pictures in 2014 when the latter was all set to release “The Interview,” a whacky comedy on the assassination of Kim Jong-un. Hackers then wiped the data leaking excruciating emails until Sony canceled the film’s release.

Likewise, North Korean hackers used a worm called “WannaCry” and seized Microsoft computers worldwide in 2017 making the devices useless unless the Microsoft paid a ransom in Bitcoin. Around 200,000 computers in over 150 countries were affected then.

Also Read

North Korean illicit activities go unabated in Nepal

Illegal North Korean hospital shut down in Nepal

North Korean Embassy requests Khabarhub to delete ‘unproductive articles

US expresses concerns over North Korean’s illegal activities in Nepal

Sans work permit, North Korean doctors work illegally in Nepal

North Korean hackers multiply as Nepal govt. turns blind eye

Car manufacturers refuse to sell vehicle to N Korean Embassy

North Koreans operate cyber espionage from Kathmandu’s residential area

Just In