Security & Fraud

North Korean Hackers’ New Target? Bank Accounts

Bank heist

In news good for no one anywhere, it seems the North Korean army of cybercriminals has decided to reorganize itself to prioritize greater specialization.  According to WSJ reports out this morning — the cyber dark army has splintered into smaller groups and is increasingly focused on stealing from the rest of the world to give back to its home country.

The search for lucre — as opposed to data, destablization, or intimidation — is a change of tactics for Pyongyang. Some speculate that evolving a nuclear program is not easy work when a nation is under extreme sanctions — and the money has to come from somewhere.

Prior cyberattacks that can be connected to North Korea's military force include the 2014 hack of Sony Pictures Entertainment and a cyberheist at Bangladesh's central bank. North Korean cyberattackers are also thought to be behind this year’s WannaCry global ransomware attack. Kaspersky Lab AO made that connection by identifying an offshoot of Lazarus, used by a hacking group called BlueNoroff, which specializes in heists of foreign financial institutions.

The Korea Financial Security Institute is now reporting a second group using Lazarus that has been attacking South Korea since 2013.  Those hacking efforts include attempts to spike ATMS with malware to scrape card data — FSI notes that the behaviors are more typical of organized crime than state-sponsored cyberterror.

According to South Korean officials, the attempts — which netted several thousand dollars — were withdrawn before South Korean law enforcement identified the ruse after six days. The data was largely sold to consumers in China and Taiwan.

“North Korea now cares more about making money than causing disruptions or cyberterrorism,” said Joon Kim, owner of Naru Security Inc., who has advised South Korean law enforcement on cyber issues.

Andariel — the hacking group — has been connected to eight similar attacks in the South. Reports indicate the group has joined up with BlueNoroff to target a large South Korean financial institution.

“The problem is that it’s not just simple attacks anymore with North Korea. It’s more orchestrated now, as if it were a military operation,” said Kim Seung-joo, a Korea University professor who sits on a South Korean government cybersecurity advisory team.



The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.

Click to comment