UN: North Korean hacks in 17 countries
United Nations experts say they are investigating at least 35 instances in 17 countries of North Koreans using cyberattacks to illegally raise money for weapons of mass destruction programmes — and they are calling for sanctions against ships providing petrol and diesel to the country.
Last week, the Associated Press quoted a summary of a report from the experts which said that North Korea illegally acquired as much as US$2 billion ($3.1b) from its increasingly sophisticated cyber activities against financial institutions and cryptocurrency exchanges.
The lengthier version of the report, seen by the AP, reveals that neighbouring South Korea was hardest-hit, the victim of
10 North Korean cyberattacks, followed by India with three attacks, and Bangladesh and Chile with two each.
Thirteen countries suffered one attack — Costa Rica, Gambia, Guatemala, Kuwait, Liberia, Malaysia, Malta, Nigeria, Poland, Slovenia, South Africa, Tunisia and Vietnam, it said.
The experts said they are investigating the reported attacks as attempted violations of UN sanctions, which the panel monitors.
The report cites three main ways that North Korean cyber hackers operate:
● Attacks through the Society for Worldwide Interbank Financial Telecommunication or Swift system used to transfer money between banks, “with bank employee computers and infrastructure accessed to send fraudulent messages and destroy evidence”.
● Theft of cryptocurrency “through attacks on both exchanges and users”.
● And “mining of cryptocurrency as a source of funds for a professional branch of the military”.
The experts stressed that implementing the increasingly sophisticated attacks “is low risk and high yield”, often requiring just a laptop computer and access to the internet.
As examples of North Korean cyberattacks, the panel said hackers in one unnamed country accessed the infrastructure managing its entire ATM system and installed malware modifying the way transactions are processed.
As a result, it forced 10,000 cash distributions to individuals working for or on behalf of North Korea “across more than 20 countries in five hours”.