North Korea Turns Cyber-Attention to Hacking for Profit

North Korea’s gaggle of state hackers appears to have a new objective: Money.

The hermit kingdom’s cadre of cyber-spies—estimated by South Korea to number around 1,700—are working overtime to steal cash from flush targets like international banking systems, according to a report from the South Korean government-backed Financial Security Institute. While attacks like the one on Sony Pictures have been retaliatory, and ongoing political spy campaigns are still the norm, hacking for profit has become a top focus area as the impoverished country looks to accumulate foreign currency to pay for imports. With harsh sanctions from the US looming, the country's cash position is set to decline even further.  

The report said the theft of $81 million from Bangladesh’s central bank can be traced back to North Korea, as can recent attacks on Polish banks. There are also indications that the hackers planned to steal money from more than 100 other organizations. Meanwhile, they’re involved in stealing bank-card data to drain accounts, selling stolen data on the Dark Web and developing malware to cheat at online gambling, the report said.

Kaspersky Lab in April tied the bank attacks to an offshoot of Lazarus, an APT group believed to be affiliated with the North Korean government. That offshoot, known as Bluenoroff, also has a cousin dubbed Andariel, according to the Financial Security Institute, that is behind at least seven hacking attacks on banks, defense contractors and others in South Korea over the last two years.

“Bluenoroff and Andariel share their common root,” the report said, as reported in the New York Times. “If Bluenoroff has attacked financial firms around the world, Andariel focuses on businesses and government agencies in South Korea using methods tailored for the country… Andariel is believed to focus on earning hard currency.”
