Categories: SecurityWorkspace

North Korea Targeted £850m In Four Year Hacking Spree

North Korea has attempted to steal more than $1.1 billion (£850m) over the past four years as a result of growing political and economic pressure, a new report has estimated.

The country’s attacks on banks and financial institutions date back at least to 2014, following the imposition of new UN sanctions, security group FireEye said.

The year is remembered for a damaging hack carried out against Sony Pictures, which was also attributed to North Korea.

But FireEye said North Korea’s state-backed hacking infrastructure is complex, with specialised operations for espionage and political purposes that are distinct from those aimed at bringing funds into the cash-strapped country.

North Korea’s alleged targets of financial hacking since 2014. Image credit: FireEye

Bank heists worldwide

FireEye said enough is now known about North Korea’s financial hacking operations to give them a distinct designation. It refers to the country’s financial hacks with the term Advanced Persistent Threat 38 (APT38).

APT38’s operations are significant in themselves, having targeted more than 16 organisations in at least 11 countries since 2014, FireEye said in a new study.

North Korea has carried out its bank heists using techniques more commonly associated with espionage, including long periods of months or years in which the target is observed and infiltrated.

“Since the first observed activity, the group’s operations have become increasingly complex and destructive,” FireEye wrote. “APT38 has adopted a calculated approach, allowing them to sharpen their tactics, techniques, and procedures over time while evading detection.”

The firm said APT38’s operatives typically take an average of several months to examine a network after compromising it.

“On average, we have observed APT38 remain within a victim network approximately 155 days, with the longest time within a compromised system believed to be 678 days,” FireEye wrote.

APT38’s heists have included well-known incidents involving Bangladesh’s central bank, an attempted heist at Mexico’s Bancomext and a successful theft at Banco de Chile, the latter two during the course of this year alone.

New tactics

Of the $1.1bn targeted in these well-known operations, FireEye estimated the hackers made off with roughly $100m.

Its tactics have included deploying ransomware to destroy evidence, as it did following heists at Far Eastern International Bank (FEIB) in Taiwan, Bancomext and Banco de Chile.

FireEye said North Korea’s success at infiltrating banks and making fraudulent transfers using the SWIFT network has prompted increased security measures, which could lead APT38 to begin employing “new tactics”.

“The number of SWIFT heists that have been ultimately thwarted in recent years coupled with growing awareness for security around the financial messaging system could drive APT38 to employ new tactics to obtain funds, especially if North Korea’s access to currency continues to deteriorate,” FireEye wrote in the report.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

BT Eagle-i Seeks To Predict, Prevent Cyberattacks

Proactive security approach. New security platform from BT Security, dubbed 'Eagle-i', seeks to predict and…

2 days ago

Apple Risks South Korean Clash After Investigation Warning

South Korean government official warns of possible investigation into Apple's compliance with new App Store…

2 days ago

Moscow Metro Facial Recognition System For Speedy Payments

Privacy concern. Moscow's Metro system has launched 'Face Pay', a mass facial recognition system for…

2 days ago

US Army Delays $22 Billion Microsoft Augmented Reality Headsets

United States Army pushes back deployment date of Microsoft's augmented reality headsets, but insists it…

3 days ago

TSMC Confirms Chip Plant For Japan

Taiwanese chip giant TSMC confirms it will build a chip factory in Japan, that will…

3 days ago

GitLab Raises $800m In Successful Initial Public Offering

After a successful public debut that raised hundreds of millions of dollars, coding platform GitLab…

3 days ago