Be Careful About Your Bank Account, North Korea Hackers On the Prowl

Hackers associated with North Korea are trying to target banks around the world

Hackers in North Korea are on the prowl to rob over a hundred banks around the world. Are banks in India too a target?

Banks around the world have upped their alert. Hackers affiliated to North Korea have devised plans to rob over a hundred banks and India too may be a target. India’s neighbour Bangladesh was the first target of the hackers.

Quoting a report from Internet security firm Symantec, The New York Times has published a story that has revealed startling ambitions of hackers affiliated to North Korea.

According to the report, the hackers have plans to rob over a hundred banks around the world, including “institutions like the World Bank, the European Central Bank and big American companies including Bank of America.”

It may be recalled that an attack on over 20 Polish banks at the end of 2016 was thwarted in time without any money being lost. When security analysts pulled apart the virus software sent to these banks, they discovered a huge list of Internet addresses for other financial institutions, making up the target list described by Symantec.

The Times discusses the size and desperation of North Korea’s cybercrime ring as follows:

The list of targets, which has not been previously reported, is part of a growing body of evidence showing how North Korea, a country that is cut off from much of the global economy, is increasingly trying to use its cyberattack abilities to bring in cash — and making progressively bolder attempts to do so.

North Korea’s hacking network is immense, encompassing a group of 1,700 hackers aided by more than 5,000 trainers, supervisors and others in supporting roles, South Korean officials estimate. Because of the country’s poor infrastructure, the hackers typically work abroad, in places like China, Southeast Asia and Europe. Like other North Koreans allowed to work abroad, the hackers are constantly monitored by minders for possible breaches in allegiance to the government.

Thus far, the biggest score for the North Korean operation appears to be a hack of Bangladesh’s central bank, revealed by Bangladeshi authorities in May 2016. The $81 million stolen from the bank ended up in the Philippines, but investigators were certain from early in the investigation that the thieves were not from either Bangladesh or the Philippines.

Initially it was thought that the job might have been the handiwork of Chinese hackers. But Symantec researchers soon isolated malicious code that brought out the links to North Korea.

However, one Chinese bank appeared in the target list distilled from captured viral code in Poland. Hence there are lingering suspicions that Chinese hackers assisted the North Korean hackers in pulling off the Bangladesh attack.

Similar code and hacking techniques had previously been used against banks in Vietnam and Ecuador.

According to the New York Times, analysts with the National Security Agency suspected the Bangladesh bank robbery was linked to the attack on Sony Pictures, which is generally seen as the work of North Korea.

The thieves were actually trying to steal a billion dollars from Bangladesh with fraudulent money transfer requests to the New York Federal Reserve, but only $81 million in bogus requests got through.

The attack on Poland’s banks was carried out with a technique called a “watering hole.” This hacking technique involves planting malware in locations the targets are likely to visit. Disturbingly, the watering hole for the Polish caper was the website of Poland’s banking regulator.

Symantec mentioned that similar watering hole traps have been laid for banks in Mexico and Uruguay, while virus attacks have already been made against a few targets in the United States.

An important point made by security analysts about these bank robberies is that huge amounts of manpower were involved. This means that the attacks are state-sponsored, and this is where the role of the North Korean rogue government comes into play.

The malware used in these financial assaults can lurk in targeted systems for weeks, going active during very limited windows of opportunity, so a large team of computer technicians has to work around the clock to supervise the intrusion.

The new development could be a major topic of discussion when Chinese President Xi Jinping meets with President Trump next month.

Meanwhile, security firm FireEye, which was instrumental in past actions against Chinese hackers, has reported a significant decline in Chinese industrial cyber-espionage over the past two years. But there was an increase in Russian mischief. CEO Kevin Mandia warned Fortune last week that American companies are still “getting sucker punched pretty bad.”

North Korea has denied involvement in the wave of cyber attacks on financial institutions, claiming the United States reached “despicable heights” with its accusations. Pyongyang called America a “hacking empire, the worst of bullying countries” and said the hacking allegations were a pretext to “launch a pre-emptive strike” against North Korea.

