Financial Institutions in US, East Asia Spoofed by Suspected North Korean Hackers

There are renewed concerns North Korea’s army of hackers is targeting financial institutions to prop up the regime in Pyongyang and possibly fund its weapons programs.

A report published Tuesday by the cybersecurity firm Recorded Future finds North Korean aligned actors have been spoofing well-known financial firms in Japan, Vietnam and the United States, sending out emails and documents that, if opened, could grant the hackers access to critical systems.

“The targeting of investment banking and venture capital firms may expose sensitive or confidential information of these entities or their customers,” according to the report by Recorded Future’s Insikt Group.

“[It] may result in legal or regulatory action, jeopardize pending business negotiations or agreements, or expose information damaging to the company’s strategic investment portfolio,” it said.

The report said the most recent cluster of activity took place between September 2022 and March 2023, making use of three new internet addresses and two old addresses, and more than 20 domain names.

Some of the domains imitated those used by the targeted financial institutions.

Recorded Future’s named the group behind the attacks Threat Activity Group 71 (TAG-71), which is also known as APT38, Bluenoroff, Stardust Chollima and the Lazarus Group.

This past April, the U.S. sanctioned three individuals associated with the Lazarus Group, accusing them of helping North Korea launder stolen virtual currencies and turn it into cash.

U.S. Treasury officials levied additional sanctions just last month against North Korea’s Technical Reconnaissance Bureau, which develops tools and operations to be carried out by the Lazarus Group.

The Lazarus Group is believed to be responsible for the largest theft of virtual currency to date, stealing approximately $620 million connected to a popular online game in Match 2022.

Earlier this month, U.S. and South Korean agencies issued a warning about another set of North Korean cyber actors impersonating think tanks, academic institutions and journalists in an ongoing attempt to collect intelligence.

 

         

leave a reply: