[Asia Economy Reporter Yoo In-ho] The notoriety of North Korean hackers is increasing in the international community. This is because they are involved in all-around crimes ranging from virtual currency to government and corporate security attacks.
According to diplomatic sources on the 28th, a report has emerged that the hacking group 'Lazarus,' presumed to be backed by North Korea, attempted security attacks on defense-related institutions in more than 10 countries.
Russian security company Kaspersky stated in a report posted on its website on the 25th (local time), "The hacking group Lazarus, which had focused on financial institutions such as virtual currency exchanges in recent years, appears to have added the defense industry to its portfolio since last year," adding, "So far, institutions in more than 12 countries have been affected by the attacks."
The report explained that Lazarus installed a backdoor attack malware called 'ThreatNeedle' to access the communication networks of the attack targets. A backdoor attack refers to an attack that exploits security vulnerabilities to access a system without authentication, as if secretly entering through a back door.
Lazarus first took control of the target's device through emails disguised as trusted medical institutions sending the latest COVID-19 related information, then used that device to access the system, according to investigations.
The organization was found to have extracted information even from 'air-gapped' communication networks that are not connected to the internet using such attacks.
Additionally, analysis shows that North Korean hacking groups tend to focus their activities on virtual currency. This is because anonymous transactions make it easier to evade sanctions against North Korea, although it is also pointed out that cashing out is not an easy matter.
According to the '2021 Global Threat Report' recently released by the U.S. cybersecurity firm CrowdStrike, North Korean hacking groups have concentrated their activities on virtual currency.
The methods include spreading virtual currency trading apps containing malware or hacking exchanges to steal money. The report analyzed that the group called 'Byolttong Cheonlima' previously focused on hacking large financial institutions but recently has concentrated on virtual currency exchanges.
A recently released United Nations Security Council expert panel report stated that North Korea stole more than $300 million by targeting virtual currency exchanges and others from 2019 to 2020. The U.S. State Department indicted three hackers affiliated with North Korea's Reconnaissance General Bureau on the 17th (local time) for hacking virtual currency exchanges.
North Korea appears to be focusing on hacking activities as earning foreign currency has become difficult due to prolonged sanctions and the COVID-19 pandemic. Pharmaceutical companies and others have also become targets amid the pandemic, and virtual currency is targeted because anonymous transactions and money laundering are easy.
There are concerns that hacking could become a loophole in sanctions against North Korea, but there is also an assessment that it may not significantly contribute to securing foreign currency. Radio Free Asia (RFA) reported this citing expert remarks from a North Korea-related online discussion hosted by the Korea Society, a U.S. private organization, on the 19th.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
