N. Korea’s Hackers Stole $2b To Fund Its Missile Program

The North Korean government will now be spending $2 billion on its weapons programme. Money it stole from cyber-attacks on foreign financial institutions.This comes from an unpublished United Nations Report, which was seen by Reuters on  5th August. 

The UN experts said North Korea “used cyberspace to launch increasingly sophisticated attacks to steal funds from financial institutions and cryptocurrency exchanges to generate income.” They also used cyberspace to launder the stolen money, the Report said.

The confidential UN report was prepared by a team of independent experts, who submitted it to the UN Security Council North Korea sanctions committee recently.

The authors of the Report claimed to have monitored North Korea's compliance over six months and found that it had repeatedly launched sophisticated and widespread attacks to steal funds from overseas banks and cryptocurrency exchanges to support its weapons programmes. The country also used cyberspace to launder the stolen money.

According to the Report, the income generated via large-scale cyber-attacks against crypto-currency exchanges is harder to track and is subject to less government oversight than the traditional banking sector. 

North Korean threat actors were blamed for the attempted theft of $951m from Bangladesh Bank in 2016 which, was stopped because of the attackers poor spelling which was rejected 

The Report claims that many of the North Korea advanced persistent threat (APT) groups operate under the guidance of North Korea's Reconnaissance General Bureau, the top military intelligence agency of the country. Moreover, there are several secretive government entities that based in foreign countries, working under diplomatic cover to procure technology and equipment for North Korea's weapons programmes.

The Report indicated there are currently investigations into about 35  reported instances of cyber-attacks conducted by North Korean APT groups against financial institutions and cryptocurrency exchanges in about 17 countries.

North Korea has continued to boost its nuclear and missile programmes in recent months, the experts said, although it refrained from conducting Intercontinental Ballistic Missile launches or a nuclear test. In 2006, the UN Security Council imposed sanctions on North Korea to check funding for Pyongyang's missiles programmes. 

The government of Kim Jong-un and his predecessors have long been involved in international organised crime and they are now using a range of hacking gangs like Hidden Cobra and different malware.

Reuters:              Computing:

You Might Also Read:

Surge Of Attacks On Banking & Finance Using N Korean Tools:

 

« Microsoft Say The IoT Is Under Attack
Training Robots & Human Bias »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Securosis

Securosis

Securosis is an information security research and advisory firm dedicated to improving the practice of information security.

CCN-CERT

CCN-CERT

CCN-CERT is the Spanish national government computer security incident response centre.

GovCERT.HK

GovCERT.HK

GovCERT.HK is the Government Computer Emergency Response Team for Hong Kong.

Proact IT Group

Proact IT Group

Proact is Europe's leading independent data centre and Cloud services enabler. We deliver flexible, accessible and secure IT solutions and services.

Meiya Pico Information Co

Meiya Pico Information Co

Meiya Pico is the leading digital forensics and information security products and service provider in China.

Sweepatic

Sweepatic

The Sweepatic reconnaissance platform discovers and analyses all internet facing assets and their exposure to risk.

Cyber@StationF

Cyber@StationF

Cyber@StationF is an up to 6 months international startup acceleration programme, whose members provide solutions for the Cybersecurity industry.

Bloc Ventures

Bloc Ventures

Bloc Ventures is an investment company providing long-term, ‘patient’ equity capital to early stage unquoted deep technology companies.

ClubCISO

ClubCISO

ClubCISO is a community of peers, working together to help shape the future of the information security profession by facilitating independent discussion on data security and cyber resilience.

Outseer

Outseer

Outseer is a leading technology company in the fight against payments fraud. Outseer reliably determines authentic customers from fraudulent behavior.

ITSEC Asia

ITSEC Asia

ITSEC Asia works to effectively reduce exposure to information security threats and improve the effectiveness of its clients' information security management systems.

Trellix

Trellix

Trellix is an extended detection and response (XDR) solutions provider created from a merger of McAfee Enterprise and FireEye Products.

gener8tor

gener8tor

The gener8tor Cybersecurity Accelerator offers a cutting-edge program in San Antonio, home to the second-largest concentration of cybersecurity experts in the United States.

CyAmast

CyAmast

CyAmast is an IoT Network security and analytics company that is changing the way enterprise and governments detect and protect networks from the pervasive threat of cyber attacks.

Prompt Security

Prompt Security

Prompt Security provides an LLM agnostic approach to ensure security, data privacy and safety across all aspects of Generative AI.

Health Sector Cybersecurity Coordination Center (HC3)

Health Sector Cybersecurity Coordination Center (HC3)

HC3 was created by the US Department of Health and Human Services to aid in the protection of vital, controlled, healthcare-related information.