‘Alarming’: North Korea’s hackers target South’s defence technology to fund weapons programme

“We’ve found, through cooperation with the FBI, that the North Korean hacking organisation Andariel hacked many domestic companies,” the Seoul Metropolitan Police Agency’s Security Investigation Support Division said on Monday.

North Korea steps up ‘opportunistic’ cybercrime to fund nuclear ambitions

The stolen data amounted to 1.2 terabytes (TB) of files – equivalent to around 230 high-definition films. This includes technology on advanced laser anti-aircraft weapons and their development plans, police said.

“This means the North’s hacking attacks are evolving remarkably and becoming bolder” to target moneymaking technology and sensitive defence technology, former vice-defence minister Shin Beom-cheol said on SBS TV news talk show on Wednesday.

“This is something alarming for us,” he cautioned.

Andariel was said to have rented servers from domestic companies and used them as transit points to hack local tech, defence, pharmaceutical and financial companies. Many of the victims failed to notice the intrusions, while others chose not to report the damage to police over fears of losing credibility, according to the force.

A foreign woman was being investigated in connection with the ransomware attacks after some of the bitcoin worth 630,000 yuan (US$88,600) were transferred through her account and withdrawn from a bank in China, police said. She has denied the money-laundering charge.

North Koreans use fake names, scripts to land remote IT work for cash

“What has drawn my attention most in this police announcement is that North Korea appears to be expanding cyberattacks on defence contractors and pharmaceutical companies,” Kim Seung-joo, a cybersecurity professor at Korea University, told This Week in Asia.

“This incident highlights the need for local defence companies to further bolster their IT security,” he warned.

Lee of the Korea Defence Network said researchers at various institutes and companies, including himself, endlessly received phishing emails carrying spyware that lured them into joining key seminars.

When the North paraded weapons for its “Victory Day” in July, Lee, a missile expert, said he was surprised to find striking similarities between the North’s new “Spike” missile used to strike ships or coastline batteries and the South’s tactical surface-to-surface missile.

“I suspect this missile technology might have been stolen from the South,” he said.

As Kim prepares for ‘actual war’, North’s hackers target US-South Korea drills

In a report published last month, titled “Evolving North Korean Cyberattacks and Responses”, Kim Bo-mi at the Korea Institute for National Security Strategy said North Korea had stolen around US$340 million in cryptocurrency over the first three-quarters of the year, accounting for some 30 per cent of global cryptocurrency losses.

“North Korea seems to have found a breakthrough in the problem of cashing out cryptocurrencies by using Russian currency exchange services,” she said.

Most of the stolen assets are used to directly fund the hermit kingdom’s weapons of mass destruction and ballistic missile programmes, according to the Hacker News.

“[In the absence of] stronger regulations, cybersecurity requirements, and investments in cybersecurity for cryptocurrency firms, we assess that in the near term, North Korea will almost certainly continue to target the cryptocurrency industry due to its past success in mining it as a source of additional revenue to support the regime,” said Massachusetts cybersecurity company Recorded Future last month.

The United States government has reportedly sanctioned three mixers – Blender, Tornado, and Sinbad – and tens of individuals for laundering billions in assets for the North Korean regime.

About half of the laundered money is believed to have been used to bankroll the state’s ballistic missiles programme.

“North Korean threat actors also use the accounts and personal information of phishing victims to register verified accounts at trusted cryptocurrency exchanges where they can send the stolen cryptocurrency and cash out,” Recorded Future added.

Pyongyang has denied being involved in cybercrimes.