N. Korean Hackers Are Working With European Criminals

North Korean state-backed hackers appear to be cooperating with Eastern European cybercriminals, according to the experts at Sentinel Labs, the newly created threat intelligence division of SentinelOne. Their finding suggests digital gangsters and state-backed spies are finding ways to work together online.

Lazarus Group (also known as “Lazarus,” “Hidden Cobra,” and “Kimsuky”) is an advanced persistent threat (APT) group comprised of operators from “Bureau 121”, the cyber warfare division of North Korea’s clandestine Reconnaissance General Bureau (RGB) intelligence unit.

The group has been active since at least 2009 and is thought to operate from a multitude of international locations. The Sentinel Labs researchers say that the Lazarus Group, which American prosecutors accuse of organising the leak of emails from Sony Pictures and stealing millions of dollars from the Central Bank of Bangladesh, is getting access to some of its victims through a cybercrime gang dubbed “TrickBot.”

Lazarus appears to have been interested in a variety of sectors and targets in the last eighteen months, including crypto-currency exchanges, financial institutions, non-governmental organisations, and South Korean individuals. Many North Korean cyber operators are likely not only self-funded but also tasked with earning income for the North Korean regime; Lazarus Group has likely targeted banks, crypto-currency exchanges and users to achieve this goal. “For me it’s the biggest crimeware story since I don’t-know-when,” said Vitali Kremez of SentinelOne. “The Lazarus group has a relationship with the most sophisticated, most resourceful Russian botnet operation on the landscape.”

Clues that Lazarus and TrickBot operators are cooperating have surfaced before: in April last year, BAE researchers developed the theory that the cybercriminals were selling access to compromised organisations to Lazarus.

Subsequently, the cybersecurity arm of Japanese telecommunications company NTT speculated that North Korea might be collaborating with Lazarus and TrickBot's operators. Kremez said he found evidence. TrickBot communicated with a Lazarus-controlled server just a couple of hours before that same server was used to help break into the Chilean inter-bank network earlier this year, he said. American officials have also blamed the multi-million dollar heist on North Korea. “That’s the strongest possible evidence linking to a celebrated case of Lazarus intrusion,” said Kremez, who also said that he thinks the TrickBot operators were likely renting out their services to the North Koreans, or perhaps working on a commission basis.

Kremez is supported by the experts at Cybereason, which has published a separate report on TrickBot's operations and is reported to be certain that the cybercriminals knew that they were dealing with the North Korean government.

Sentinel One: Reuters: Cybereason
