13:18 GMT13 August 2020
Listen Live
    Asia & Pacific
    Get short URL

    A South Korean state-backed agency claims to have uncovered an international North Korean hacking scheme to commit global financial fraud. The purpose of this scheme, according to the reports, is to raise money for the government of the Democratic People’s Republic of Korea.

    The report, which comes from South Korea's Financial Security Institute (FSI), claims that North Korea is the backer of the hacking group Lazarus. Cybersecurity firms as well as the US government have linked Lazarus both to the $81 million cyber heist from Bangladesh's central bank in 2016 as well as the cyberattack against Sony Pictures in 2014 in retaliation for the studio's distribution of "The Interview," a comedy about an assassination attempt against North Korean president Kim Jong-un.

    The report also mentioned the existence of a Lazarus spin-off known as Andariel, which has targeted South Korean businesses and government bodies. For instance, the FSI report claims that Andariel targets ATMs, steals bank card information and then either withdraws cash from the account or sells the information on the black market.

    They also use malware attacks to steal money from online poker and gambling sites.

    "South Korea prefers to use local ATM vendors and these attackers managed to analyze and compromise SK ATMs from at least two vendors earlier this year," said Vitaly Kamluk, director of Russian cybersecurity firm Kaspersky's Asia and Pacific research team. "We believe this subgroup (Andariel) has been active since at least May 2016."

    In addition, Russian cybersecurity firm Kaspersky Lab identified in April a third hacking group, Bluenoroff, as a spin-off of Lazarus. Bluenoroff has in the past focused on attempting to steal from international financial institutions.

    "Bluenoroff and Andariel share their common root, but they have different targets and motives," the FSI report read. "Andariel focuses on attacking South Korean businesses and government agencies using methods tailored for the country."

    They added that there was circumstantial evidence linking North Korea to the WannaCry "ransomware" cyberattack that attempted to export hundreds of dollars apiece from 300,000 computers across 150 countries.

    The FSI report claimed that eight different malware attacks against South Korea in the last few years were all done by the same perpetrators, as the programs used in the attacks had similar code patterns. The highest-profile of those cases was an attempt to hack the personal computer of South Korean Defense Minister Han Min-goo in September 2016.

    The FSI added that they have no conclusive evidence of their allegations, and that their views do not officially reflect the views of Seoul.

    North Korea has categorically denied any involvement in these cyber crimes.

    The FSI was founded in 2015 to investigate and combat cyberattacks against South Korea after a series of malware strikes were levied against the country's financial institutions.


    Pickpockets? Seoul Says North Korean Hackers Stole Millions of Their Bitcoin
    Hackers Attack Computers of Investigators in S Korean President Corruption Case
    US Waging Secret Cyber, Electronic War on North Korea’s Missile Program
    Cyber Attacks Expected to Impede Next Presidential Elections in South Korea
    South Korean Prosecutors Say North Korea Continues Cyber Attacks Against Country
    ransomware, hacker group, theft, cyberattack, Bluenoroff, Andariel, Lazarus, Financial Security Institute, Kaspersky Lab, Kim Jong-un, Han Min-goo, Democratic Republic of North Korea (DPRK), South Korea
    Community standardsDiscussion