North Korean Cyber Heists: They’re Back!
Last year, a Symantec report put together evidence on a string of attacks on banks in Vietnam, Ecuador and most notoriously Bangladesh. The attacks were associated with the threat group Lazarus and carried a signature in the form of code seen in attacks on banks and media companies in South Korea in 2013 and the infamous Sony hack in December 2014 (posts here and here).
Symantec has now concluded that Lazarus is back, with attacks aimed at 104 organizations in 31 countries. The information was discovered following attacks on 20 Polish banks last fall, but analysis of the data by the New York Times found that the World Bank, the European Central Bank, central banks in Russia, Venezuela, Mexico, Chile and the Czech Republic as well as large money-center banks in the US were also on the hit list.
In related news, the Wall Street Journal broke the story that the FBI has been investigating the Bangladesh bank heist since last year and that prosecutions might be in train. The most important part of the story: “prosecutors believe Chinese middlemen helped North Korea orchestrate the theft from Bangladesh's central bank.” This new intelligence opens yet another front in the effort to get China to help manage the continually-morphing North Korea challenge. However, it may prove easier than anticipated to get Chinese cooperation on this one. It appears that only one Chinese bank was targeted, but it was none other than Bank of China branches in Hong Kong and the U.S. Given the country’s low-rent internet architecture, it is almost certain that the North Korean agents conducting these operations are operating out of other countries, including China, Southeast Asia and Europe. A natural hiding place: as embassy attachés of various sorts. A low-tech way of reducing this activity: greater scrutiny of embassy personnel and other North Koreans operating abroad; see our discussion of the challenges on this front here, where a recent passport index provides insight into possible North Korean enablers.
The following story has been corrected to acknowledge the work of ARUNA VISWANATHA and NICOLE HONG at the WSJ in breaking the story on prosecution around the Bangladesh bank heist.