North Korean hackers multiply as Nepal govt. turns blind eye

In its continued effort to uncover North Korean involvement in hacking, Khabarhub exposes yet another episode of their activity in the Kathmandu Valley, misusing Nepali soil.

Ramesh Bharati

April 16, 2019


KATHMANDU: Emboldened by the government’s inaction, yet another group of North Korean hackers has been found operating in Lalitpur, posing a serious threat to Nepalese banking and financial institutions. This was revealed by a two-month joint investigation by Khabarhub and cyber experts.

Three members of the group, Jun Min Kwon, Kwang Guk Ri and Chong Riong An, were earlier stationed at blocks A, B, and C of Classic Tower near Little Angel’s School at Satdobato in Lalitpur. They recently moved out of the apartment after Khabarhub carried a story on North Korean involvement in cyber espionage from Apartment No. 16 ‘A’ of Harmony Housing in Tokha. Sources said they are currently residing at Sunrise Apartment Block C in Bhaisepati. The group has six people altogether. The other three accomplices are Ryu Kyong Royal, Kim Kwang Jin, and Pak Un.

Despite UN sanctions, this North Korean group was able to register a company named Mount Chilbo Technical Solution Company Pvt Ltd in Nepal on March 3, 2019, with total capital of Rs. 15,000,000: fixed capital of Rs. 12,000,000 and working capital of Rs. 3,000,000.

Sirab Gurung, a Nepali national, worked as a ‘facilitator’ to register the company. Mount Chilbosan is a mountain in North Hamgyong Province of North Korea.

However, details of the company’s address have not been mentioned. According to data at the Department of Industry, the company gave assurances during its registration process that it would employ at least 46 people.

According to documents obtained by Khabarhub, the hackers made more than 300 contacts in foreign countries, mostly India, Ukraine, and South Africa, in the last week of March 2019. They were also found to have contacted persons in China through the social network WeChat. The group uses encryption and Virtual Private Networking (VPN) to avoid detection.

The group’s theft of money through hacking has terrorized the banking industry in Nepal, India, and Bangladesh. North Korea has resorted to amassing money through hacking as it faces a resource crunch due to the strict sanctions imposed by the USA and the UN.

This group is a branch of the Lazarus group, which stole Rs. 460 million from NIC Asia Bank in 2017 and is run by North Korean intelligence. The Lazarus group has stolen billions of rupees from India and Bangladesh as well.

Evidence obtained in Khabarhub’s investigation reveals that the group works directly for the 121 Bureau, one of the seven intelligence bureaus under Section 586 of the North Korean Directorate General of Military Intelligence, which is also known as the Lazarus group or Hidden Cobra.

“This shows lapses and weakness in the technical regulatory mechanism,” former Deputy Inspector General of Police (DIG) Hemanta Malla told Khabarhub. According to Malla, this is an indicator that the government is weak and incompetent in terms of cyber investigation.

The threat is imminent and grave since Nepal Police lacks a Computer Security Incident Response Team (CSIRT), he added.

Unfortunately, the Nepal government has failed to take any action against the North Korean hacker groups active in Nepal. The Nepal Police is well informed about the activities of these groups.

Devi Ram Sharma, former chief of the National Investigation Department (NID) of Nepal, the country’s main intelligence agency, said this is an example of the height of government irresponsibility. “It is sad on the part of the government that despite reports in the media about North Korean illegal activities here, the government has failed to take concrete steps,” Sharma said.

The security organs, he argued, should remain vigilant. “I wonder why the government has been issuing visas and permits to these people,” he said, adding that they should be deported immediately.

Brigadier General (Retired) Keshar Bahadur Bhandari, a defense and security analyst, said North Koreans, in fact, monitor the activities of the United States here. “They are also involved in various activities to earn money since the North Korean government entrusts them to make money to run the embassy here,” he said. The government, Bhandari said, has to act responsibly.

Likewise, Dr Khadga KC, a foreign affairs expert, says he has come to know from various quarters that the North Korean government itself asks its citizens to carry out money-making activities. “This has been aimed at managing the expenses of the embassy,” he said. He suggested that the government and the political leadership exercise extreme caution when meeting and dealing with the North Koreans here. “The government should monitor their activities,” he said.

It should be noted here that in the case of NIC bank, Nepal Police retrieved Rs. 390 million of the total Rs. 460 million stolen by the North Korean group.

Meanwhile, geostrategy expert Arun Subedi said that such issues are ‘serious’, adding that it is unfortunate that these elements are trying to use Nepali soil against Nepal’s neighbor and other friendly countries.

“The government has to deport these people by thorough investigation into the issue,” Subedi added.

In its early days, the notorious Lazarus group terrorized South Korea through cyber-attacks. However, it was the group’s attack on Sony Pictures of Sony Company in 2014 that spread the group’s terror on a global scale. This was because the group had used sophisticated technology in the attack. It then attacked Del Austro, a bank in Ecuador, causing the bank a loss of over Rs. 1,000 million. Similarly, the group also stole Rs. 100 million from a bank in Vietnam. Likewise, the group stole Rs. 600 million from the East International Bank in Taiwan.

In the same vein, the group stole over Rs. 85,000 million from the Central Bank of Bangladesh, transferring it to various banks across the globe.

Given the group’s hacking record and its hacking business, banks and financial institutions in Nepal are highly vulnerable to it. This is all the more so as the hacker groups are operating from Nepal. Besides, financial institutions have remained largely indifferent to the mandatory ruling by the Nepal Rastra Bank (NRB) for cybersecurity audits.
