New U.S. sanctions have been placed against hackers in North Korea who are gearing up their cyber operations. Hacking is becoming a revenue stream for North Korea and is also a national security threat to the United States and other countries, as cyber warfare is aimed at financial systems, industries, the U.S., and North Korea’s weapons program. According to officials, Pyongyang is looking to grow its geopolitical power and counter global sanctions through its sophisticated cyber capabilities.
So far, three hacking groups from North Korea have been blacklisted by the U.S. Treasury Department. The groups are run by North Korea’s primary intelligence service and are responsible for hacking incidents across ten countries. They stole millions of dollars from banks and cryptocurrency exchanges, pilfered military secrets, and destabilized infrastructure. The hackers were also intimidating their adversaries.
The three groups of hackers call themselves Lazarus Group, Andariel, and Bluenoroff, and approximately $700 million was stolen in the last three years. They tried to take an extra $2 billion but failed. Overall, more than $2 billion in total was taken over a couple of years, and the United Nations sent investigators to look into the hacking problems. A senior U.S. official says more money was stolen but was not reported because of the exposure or embarrassment of being robbed. North Korea denies the claims and declined to comment on any malicious cyber activity.
In the last few months, the U.S. Treasury Department stated it was working with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, as well as with the U.S. military’s Cyber Command, to stop the hackers.
“Hidden Cobra,” a rubric for North Korean cyber crimes, was used when a public alert was sent out about a new malware named “ELECTROFISH.” This virus gets into a victim’s computer and steals all the data from the unit. These are the types of viruses officials are finding inside the networks of banks and companies, and they have North Korea written all over them.
John Hultquist, director of intelligence analysis at the U.S. cybersecurity company FireEye Inc., stated, “Though these operations may fund the hackers themselves, their sheer scale suggests that they are a financial lifeline for a regime that has long depended on illicit activities to fund itself.” The top threats to U.S. national security, per Cyber Command, are China, Russia, Iran, and North Korea.
Experts in the cyber world claim that North Korea’s hacking abilities are what is allowing Kim Jong Un to talk with the U.S. over denuclearizing. They think the cyber arsenal may be far more dangerous, and in a way, it is. Mathew Ha and David Maxwell, North Korea experts at the Foundation for Defense of Democracies, both agree: “North Korea’s cyber operations broaden the Kim family regime’s toolkit for threatening the military, economic, and even the political strength of its adversaries and enemies.”
The hacking operations constitute a significant money-making scheme, and the hackers are not likely to give up the malicious activity over sanctions. They are money crazy and will not be pressured by the U.S. and the U.N. Investigations even show that cash from the malicious activity was funneled into the nuclear weapons and ballistic-missile programs. The cyber attacks are harder to catch and trace back to North Korea than the illicit physical activities.
Across five continents, there were 35 known reports from the U.N. of confirmed cyber attacks. In 2017, over 300,000 computers were hacked in over 150 countries. Hospitals, banks, and other companies were affected, left crippled and helpless against these attacks. The Trump administration called out the Lazarus Group for putting out the WannaCry worm in the incident.
Two of the heists in 2019 were reported; one was successful, and the other was not. The Bangladesh heist never happened because the hackers misspelled a word or misplaced a number. In the other, North Korean hackers stole $49 million from a Kuwait institution.
The latest scheme is run through freelance platforms, where the hackers pose as freelancers and software programmers. They are contractors who offer their services and do not let on that they are North Korean hackers. Once they get into a company’s system through their so-called services, it is too late. The company’s networks are already hacked, and the viruses spread like wildfire. Companies rely on freelance platforms for their copy and are at the hackers’ mercy.