Northern Virginia-based FireEye said in a Wednesday blog post that a group dubbed APT38 "is responsible for conducting financial crime on behalf of the North Korean regime, stealing millions of dollars from banks worldwide."
Over the past four years, the group has conducted operations against targets in 11 countries and 16 organizations and "has attempted to steal over $1.1 billion from financial institutions," the report says. The group moves very slowly and can be inside of a target network for extended periods before being noticed, according to FireEye, which said APT38 has remained, on average, "within a victim network for approximately 155 days."
"This is a very insidious group… it will destroy networks and steal millions and millions of dollars," a senior executive at the company said Wednesday, Politico reports.
The group is financially motivated, according to FireEye, though it also engages in cyber information gathering and reconnaissance missions. Notably, FireEye accused APT38 of penetrating SWIFT servers as part of a sophisticated money laundering scheme.
FireEye claimed in August that hundreds of Facebook and Twitter accounts "originated" in Iran, and those accounts were then banned by the platforms. Weeks later, the US State Department cited the banned accounts in a statement on "Iran's Threat to Cybersecurity."
— Alex Rubinstein (@RealAlexRubi) October 3, 2018
Web developer Chris Garaffa told Sputnik News via email that one should be cautious before classifying the hacking claims as consensus facts. "Unlike most US and western media outlets that will immediately publish the conclusions of the report without much further analysis, it will take security researchers some time to review the FireEye document against other known information and make a conclusion," the technologist said.
"While FireEye is a knowledgeable and successful organization, they are still a private company based in the US that serves primarily US-based government agencies and companies, and their leadership has ties to the Pentagon and defense industries," according to Garaffa.
"They are not necessarily an impartial actor, and this needs to be taken into consideration."
"Just where do spies go to get their toys? Well, James Bond had 'Q,' and the CIA has In-Q-Tel," according to a D&B Hoovers description of In-Q-Tel, a not-for-profit venture capital firm headquartered in Virginia. In-Q-Tel and FireEye signed a "strategic investment and technology development agreement" in 2009, though FireEye "clarified" in 2014 that it "was never a CIA company."
Garaffa also says there is an element of "Western hypocrisy" in play, since "the US government and its allies regularly launch cyber attacks on other countries… when the US has declared a cyber war against the rest of the world, it would absolutely make sense for its targets to both defend themselves and retaliate."