North Korean Hacker Group Uncaught by FBI... "Even Impersonating US Banks"

[Asia Economy Reporter Jang Hee-jun] It has been reported that North Korean hacker groups recently impersonated major banks in the United States and Japan. Following Lazarus, under North Korea's Reconnaissance General Bureau, hacking the Bangladesh Central Bank, even its subordinate organization known as BlueNoroff is eyeing the financial sector, calling for special caution.

According to Radio Free Asia (RFA) on the 30th, Kaspersky, a cybersecurity company headquartered in the UK, revealed on the 27th that the North Korean hacker group BlueNoroff created 'similar internet addresses' impersonating famous institutions or companies.

North Korean hacking

North Korean hackers were found to have used addresses similar to the official website of the major U.S. investment bank Bank of America (BoA) (bankofamerica.com), such as 'bankofamerica.tel', 'bankofamerica.nyc', and 'bankofamerica.us.org'. They also impersonated Japan's Mitsui Sumitomo Bank and various venture capital firms. It was revealed that there are more than 70 similar internet addresses used by hackers for disguise.

According to Kaspersky, actual cases of damage have occurred in the housing finance sector in the United Arab Emirates (UAE), and samples of documents created in Japanese by the hackers were also discovered.

BlueNoroff is known as a subordinate organization of Lazarus, a hacker group directly controlled by North Korea's Reconnaissance General Bureau. Lazarus is identified as the main culprit behind incidents such as the Bangladesh Central Bank cash theft, the Sony Pictures hack, and the WannaCry ransomware attack.

The U.S. Department of Justice announced its plan to indict Park Jin-hyuk, a North Korean national, on charges of hacking Sony Pictures on behalf of North Korea's Reconnaissance General Bureau in September 2018. The photo shows Prosecutor Tracy Wilkinson explaining the details of the indictment against Park Jin-hyuk. Photo by AP

Previously, in 2016, Lazarus stole 81 million dollars (approximately 100 billion KRW) from the Bangladesh Central Bank. A year before the incident in 2015, the hackers sent a resume of a fictitious person named 'Russell Ahlam' via email to the bank, through which they spread hacking code.

Using the hacking code, Lazarus monitored all transactions and routes of the central bank for a year and embezzled 101 million dollars (about 127.5 billion KRW) entrusted to the New York Federal Reserve (Fed) by the central bank. Of this, 81 million dollars disappeared through a Philippine bank, while the remaining 20 million dollars were stopped just before being cashed out at a Sri Lankan bank.

As the FBI tracked the case, it was revealed that Lazarus was behind it. Subsequently, U.S. judicial authorities indicted North Korean hacker Park Jin-hyuk, but his whereabouts remain unknown to this day.

Lazarus and Park Jin-hyuk first gained notoriety earlier in 2014 when they hacked Sony Pictures. This was retaliation for producing the movie "The Interview," which dealt with the assassination of North Korean Supreme Leader Kim Jong-un. Lazarus infiltrated Sony Pictures' network by sending malicious code to employees and stole personal information, unreleased movies, and confidential data. U.S. judicial authorities indicted Park Jin-hyuk for the first time during this case.

Meanwhile, according to intelligence agencies, North Korea is focusing on hacking virtual assets to secure funds for nuclear and missile programs while evading sanctions. It is estimated that they have stolen a cumulative total of 1.3 trillion KRW. A representative case was the hacking of an NFT-based gaming company last March. North Korea stole Ethereum and USD Coin worth approximately 89 billion KRW in this attack, and Lazarus was again identified as the culprit.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.