North Korea has become a significant figure in the global cybercriminal world as its army of hackers continues to breach financial institutions and cryptocurrency exchanges.
The Asian country has been isolated from legitimate global financial systems, thus encouraging the regime to rely on illicit activities for sustenance. Apart from drug trafficking and counterfeiting, it is reported that the dictatorship has facilitated a host of digital bank heists.
A global security report by the U.N. Security Council’s Panel of Experts highlighted the major role played by North Korean actors in international cybercriminal activity, with indications linking the army of hackers to a series of cryptocurrency money laundering cases.
Notably, the report estimated that North Korean actors have succeeded in stealing more than $2bn, with the funds being directed to the regime’s weapons programs.
According to the experts, North Korea’s affinity for cyberattacks is understood to be a way for the regime to evade the spate of sanctions levelled against the isolated state. The appeal of hacking campaigns lies in the fact that cyberattacks offer potentially great financial rewards for minimal resource investment.
Interest in Crypto and a Mega Bank Heist
Recent years have seen a shift in North Korean interest to cryptocurrency, as evidenced by its long list of hacking schemes targeting cryptocurrency exchanges. A recent press release by ESTsecurity said that the North Korean group Lazarus has begun targeting crypto firms, with attacks being carried out across the world.
Nonetheless, even as North Korean actors remain active amid the current global public health crisis, none of the recent hacking cases can match North Korea’s most brazen cyber heist.
In 2016, North Korean hackers used SWIFT credentials belonging to employees of the Bangladeshi Central Bank to breach the institution’s networks. This critical data was then used to send a series of funds transfer requests to the Federal Reserve Bank of New York.
The hackers succeeded in stealing $81m from the banking institution’s accounts but failed to haul in a targeted $1bn when Deutsche Bank and the Federal Reserve System detected the suspicious activity. Reportedly, a spelling mistake prevented the hackers from making off with $851m. Deutsche Bank spotted the blunder, as one of the payment requests was linked to a fictional organization called “fandation” rather than “foundation”.
North Korean Hacking Stealth
Cybersecurity experts have noted the stealthy nature of North Korean hacker activities, and warned stakeholders against underestimating their capabilities.
It turns out that, for a very long time, governments and organizations have likened North Korean hacking attacks to traditional “smash and grab raids” – often involving the breaching of corporate and government networks to steal as much money as possible before disappearing into thin air.
Reports indicate, however, that today’s North Korean cybercriminals have expanded their capabilities and adopted more sophisticated structures. The advancement also shows in the way the threat actors behave after a successful hacking campaign: the army of hackers is now known to cover its tracks well as soon as it has made its kill.
This finding is echoed in an article by F-Secure Consulting, which reflects on the wealth of evidence showing just how effective North Korean attackers have become at their craft. Instead of the usual seizing of cryptocurrency and fleeing, they have perfected the art of eliminating any evidence that law enforcement investigations could link to North Korea.
As it stands, the biggest concern for cybersecurity experts remains securing corporate and government networks amid an imminent global cyber threat: the North Korean cyber army.