North Korea reportedly stole $2B in wave of cyber attacks

Draft report from the United Nations, which was seen by several news outlets, revealed North Korea chalked up US$2 billion from launching cyber attacks against banks and cryptocurrency exchanges as part of efforts to fund a weapons buying programme.

North Korea made $2 billion from cyberattacks, UN report Draft report from the United Nations revealed North Korea chalked up US$2 billion from launching cyber attacks against banks and cryptocurrency exchanges as part of efforts to fund a weapons buying programme.

North Korea has reportedly chalked up an estimated US$2 billion from launching cyber attacks against banks and cryptocurrency exchanges, in a bid to fund its purchase of military weapons. The attacks were widespread and "increasingly sophisticated", according to a leaked draft report from the United Nations. 

Pyongyang tapped the cyberspace to steal funds from financial institutions and cryptocurrency exchanges as well as to launder the stolen money, found the report, which was submitted to the Security Council committee last week and seen by news agencies such as Reuters, The Associated Press, and Nikkei Asian Review. The report was submitted by a panel that monitored UN sanctions. 

It noted in the report: "Democratic People's Republic of Korea (DPRK) cyber actors, many operating under the direction of the Reconnaissance General Bureau, raise money for its WMD (weapons of mass destruction) programmes, with total proceeds to date estimated at up to US$2 billion." The General Bureau is North Korea's military intelligence agency.

APAC consumers want IoT devices, but fear data leaks

Majority of consumers in Asia-Pacific already own at least one Internet of Things (IoT) device and plan to buy more, but 81 percent fear their personal data is being leaked and 71 percent worry about being monitored without their consent.

Read More

The UN report pointed to at least 35 reported instances of DPRK actors targeting financial institutions, cryptocurrency exchanges, and mining activities designed to earn foreign currencies in 17 countries. 

It noted that the attacks against cryptocurrency exchanges enabled North Korea to generate income in ways that were "harder to trace and subject to less government oversight and regulation", compared to the traditional banking sector. In one incident of cryptocurrency mining, DPRK hackers reportedly mined an estimated US$25,000 by infecting an organisation's computer using cryptojacking malware

The report added that DPRK continued to have access to the global financial system "through bank representatives and networks operating worldwide" and attributed this to "deficiencies" by UN member states in implementing financial sanctions as well as deceptive practices on the part of North Korea. 

It noted that Pyongyang had sent out hundreds of IT workers including software developers to various regions including Asia and Europe, where they ran cryptocurrency theft operations in companies that were headed, on paper, by locals.

A previous March report by the UN panel of experts determined that North Korean hackers stole around US$571 million from at least five cryptocurrency exchanges in Asia between January 2017 and September 2018. It added that the hackers generated almost US$670 million in foreign and virtual currencies through cybertheft.

Cybersecurity vendor Kaspersky in March said it detected ongoing attacks targeting cryptocurrency businesses with malicious documents that later would be downloaded and installed either as Windows or Mac malware. It pointed to attacks by the Lazarus Group, which was a codename given to a division of North Korea's state hackers, that targeted Asia-based cryptocurrency exchanges.

RELATED COVERAGE

North Korean hackers continue attacks on cryptocurrency businesses

Lazarus Group hackers seamlessly integrate Mac malware into their normal attack routine.

North Korean cyberspies deploy new malware that harvests Bluetooth data

ScarCruft hackers deploy Bluetooth-harvesting malware in recent campaign.

North Korea is the most destructive cyber threat right now: FireEye

DPRK hackers are cybering every way they can, and according to FireEye their destructiveness and unpredictability makes them dangerous.

Revamped cryptominer strikes Asia through EternalBlue exploit

A new version of the NRSMiner cryptominer is making the rounds by exploiting PCs which are still not patched against the Windows vulnerability.

How US authorities tracked down the North Korean hacker behind WannaCry

US authorities put together four years worth of malware samples, domain names, email and social media accounts to track down one of the Lazarus Group hackers.