‘Elite North Korean hacker group tied to bank attacks’
WASHINGTON: An elite group of North Korean hackers has been identified as the source of a wave of cyberattacks on global banks that has netted “hundreds of millions” of dollars, security researchers said on Wednesday.
A report by the cybersecurity firm Fireeye said the newly identified group dubbed APT38 is distinct from but linked to other North Korean hacking operations, and has the mission of raising funds for the isolated Pyongyang regime.
Fireeye researchers said APT38 is one of several hacking cells within an umbrella group known as “Lazarus,” but with unique skills and tools that have helped it carry out some of the world’s largest cyber heists.
“They are a cyber-criminal group with the skills of a cyberespionage campaign,” said Sandra Joyce, Fireeye’s vice president of intelligence, in a briefing with journalists in Washington.
Joyce said one of the characteristics of APT38 is that it takes several months, sometimes nearly two years, to penetrate and learn the workings of its targets before its attacks, which have sought to illegally transfer more than $1 billion from victimised banks.
“They take their time to learn the intricacies of the organisation,” Joyce said.
Once they succeed, she added, “they deploy destructive malware on their way out” to hide their traces and make it more difficult for victims to find out what happened. The group has compromised more than 16 organisations in at least 11 different countries.