‘North Korea hacking focused on making money’
SEOUL: North Korea is behind an increasingly orchestrated effort at hacking into computers of financial institutions in South Korea and around the world to steal cash for the impoverished country, a South Korean state-backed agency said in a report.
In the past, suspected hacking attempts by the North appeared intended to cause social disruption or steal classified military or government data, the South’s Financial Security Institute (FSI) said.
But, it said, the focus seemed to have shifted in recent years to raising foreign currency.
The isolated regime is suspected to be behind a hacking group called Lazarus, which global cybersecurity firms have linked to last year’s US$81 million (RM346 million) cyberheist at the central bank of Bangladesh and the 2014 attack on Sony’s Hollywood studio.
The United States government blamed the North for the Sony hack and some US officials said prosecutors were building a case against Pyongyang in the Bangladesh Bank theft.
In April, Russian cybersecurity firm Kaspersky Lab identified a hacking group called Bluenoroff, a spin-off of Lazarus, as focused on attacking mostly foreign financial institutions.
The new report, which analysed suspected cyberattacks between 2015 and last year on South Korean government and commercial institutions, identified another Lazarus spin-off named Andariel.
“Bluenoroff and Andariel share a common root, but they have different targets and motives,” the report said.
“Andariel focuses on attacking South Korean businesses and government agencies using methods tailored for the country.”
Pyongyang has been stepping up its online hacking capabilities as one way of earning hard currency under the chokehold of international sanctions imposed to stop the development of its nuclear weapons programme.
Cybersecurity researchers said they had found technical evidence that could link North Korea to the global WannaCry “ransomware” cyberattack that infected 300,000 computers in 150 countries in May.
North Korea has routinely denied involvement in cyberattacks against other countries. Reuters