According to a report published by Japanese news resource Nikkei, it has been revealed that the North Korean government is actively engaging in cyber attacks on the digital infrastructure of its adversaries. This information is not entirely new, as many are already aware of the country’s involvement in such activities. However, what sets this report apart is the claim that North Korea earns a significant portion of its annual income from cryptocurrency heists conducted through cyber attacks.

Nikkei’s report is based on estimates provided by sources from South Korea. These sources allege that North Korea employs approximately 10,000 hackers located in various nations to support its financially motivated digital attacks. The nation is known to plant its employees in other countries by fabricating false documents, allowing them to initiate and profit from their malicious digital campaigns.

In 2019, the United Nations released an estimate confirming that the North Korean regime, led by Kim Jong Un, had accumulated a staggering $2 billion by launching hacks on cryptocurrency firms and internationally recognized banks. These cyber attacks have proven to be a lucrative source of income for the reclusive nation.

In a separate news development, cybersecurity researcher Jeremiah Fowler recently discovered a significant data breach related to the database of a free VPN service. Specifically, Fowler found that SuperVPN had experienced a massive data breach, compromising the information of over 360 million users. The leaked data included various personal details such as email addresses, user locations, actual IP addresses, device MAC addresses, and a list of websites visited by the users.

It is worth noting that many free virtual private network services often claim not to store user data on their servers. However, Fowler’s investigation revealed that SuperVPN, available on both the Apple App Store and Google Play Store, was operating contrary to its claimed privacy policies. The service provider, SuperSoft Tech, took credit for offering SuperVPN on the Play Store, while Qingdao Leyou Hudong Network Technology Co provided the VPN on the Apple App Store. Both companies had connections to the People’s Republic of China, as evidenced by the Mandarin notes accompanying their services.

These two news items highlight the concerning activities in the realm of cyber warfare and data breaches. The North Korean government’s involvement in cyber attacks and cryptocurrency heists, along with the SuperVPN data breach, serve as reminders of the ongoing threats faced in the digital landscape.

The post North Korean cyber attacks income and free VPN data breach appeared first on Cybersecurity Insiders.

North Korea has established a hacking group named APT43 to fund its cybercrime activities, aimed at advancing Pyongyang’s geopolitical interests. According to a study conducted by security firm Mandiant, the group has been in operation since 2018 and has now been tasked with carrying out both espionage and financially motivated attacks such as credential harvesting and social engineering.

The APT43 group has been instructed to target organizations in South Korea, the United States, Japan, and Europe, with a particular focus on infiltrating networks associated with educational institutions, government entities, and the manufacturing sector. Since September 2021, the group of cyber criminals has shifted its focus to the healthcare and pharmaceutical industries.

On April 3 of this year, Google’s Threat Analysis Group (TAG) announced that APT43 was involved in cryptocurrency theft and digital currency laundering. Additionally, a new spying team named Archipelago, a subset of APT43, has emerged and is using phishing tactics to target potential victims.

Archipelago operates differently, taking the time and effort to build a rapport with its targets before sending them a malicious link via email that leads to a password-protected file containing malware. As the group’s operations overlap with another group dubbed Kimsuky, Archipelago is being linked to the Reconnaissance General Bureau (RGB) and North Korea’s foreign intelligence agency.

It is unclear whether the APT43 subset Archipelago is associated with the Lazarus Group, as some security teams on Reddit argue that all hacking criminals from the Kim Jong Un-led nation are internally associated and work with the same motive.

NOTE: In 2021, the Federal Bureau of Investigation officially announced that Kim is achieving his nuclear ambitions by stealing cryptocurrency, intelligence, and threatening companies with ransomware, all through cyberattacks.

The post North Korea dedicates a hacking group to fund cyber crime appeared first on Cybersecurity Insiders.

News:

Researchers at Russian cybersecurity firm Kaspersky today revealed that they identified a small number of cryptocurrency-focused firms as at least some of the victims of the 3CX software supply-chain attack that’s unfolded over the past week. Kaspersky declined to name any of those victim companies, but it notes that they’re based in “western Asia.”

Security firms CrowdStrike and SentinelOne last week pinned the operation on North Korean hackers, who compromised 3CX installer software that’s used by 600,000 organizations worldwide, according to the vendor. Despite the potentially massive breadth of that attack, which SentinelOne dubbed “Smooth Operator,” Kaspersky has now found that the hackers combed through the victims infected with its corrupted software to ultimately target fewer than 10 machines—at least as far as Kaspersky could observe so far—and that they seemed to be focusing on cryptocurrency firms with “surgical precision.”

According to a secret mission launched by South Korea’s spy agency, the National Intelligence Service (NIS), North Korean hackers have so far managed to siphon $1.2 billion worth of digital currency, with a large amount ($686 million) stolen in the current year, i.e. 2022.

NIS anticipates that the year 2023 will witness more such attacks from Kim Jong Un, possibly of larger scale, as they need a large sum to quench their thirst for the eight nuclear tests.

As Kim’s nation is facing a lot of UN sanctions, it has stolen rather than earned, and so is launching digital assaults to steal virtual goods.

Baek Jong Wook, the director of the spy agency, has endorsed the news and added that the upcoming year will witness the development of supersonic missiles, intercontinental ballistic missiles, nuclear submarines and such. And as the development needs a lot of currency, the national leader has directed his officials to take an online route to steal foreign currency to save its fragile economy from plunging down.

In the year 2016, North Korea’s illegal activities made the United Nations impose sanctions on exports such as coal, textiles and seafood. Adding to this economic meltdown was the COVID lockdown around the world, which made workers from the Kim-led nation fly back to their land, leading to an economic loss.

This triggered leader Kim to establish a trained group of hackers as a cyber army, and they stole currency, intelligence and technology for monetary benefits.

NOTE: Frankly speaking, every nation nowadays has its own cyber army to indulge in such earning tactics. The only thing is that Kim does this in the open, while other nations indulge in such tactics behind the scenes in the name of national security. Edward Snowden already blew the whistle on a lot about the NSA in the year 2013, and more is expected to be disclosed soon.

 

The post North Korea steals $1.3 billion worth of digital currency appeared first on Cybersecurity Insiders.