N.Korean Hackers Are Working With European Criminals

North Korean state-backed hackers appear to be cooperating with Eastern European cybercriminals, according to the experts at Sentinel Labs, the newly created threat intelligence division of SentinelOne. Their finding suggests digital gangsters and state-backed spies are finding ways to work together online.

Lazarus Group (also known as “Lazarus,” “Hidden Cobra,” and “Kimsuky”) is an advanced persistent threat (APT) group comprised of operators from “Bureau 121”, the cyber warfare division of North Korea’s clandestine Reconnaissance General Bureau (RGB) intelligence unit.

The group has been active since at least 2009 and is thought to operate from a multitude of international locations. The Sentinel Labs researchers say that the Lazarus Group, which American prosecutors accuse of organising the leak of emails from Sony Pictures and stealing millions of dollars from the Central Bank of Bangladesh, is getting access to some of its victims through a cybercrime gang dubbed “TrickBot.”

Lazarus appears to have been interested in a variety of sectors and targets in the last eighteen months, including crypto-currency exchanges, financial institutions, non-governmental organisations, and South Korean individuals. Many North Korean cyber operators are likely not only self-funded but also tasked with earning income for the North Korean regime; Lazarus Group has likely targeted banks, crypto-currency exchanges and users to achieve this goal. “For me it’s the biggest crimeware story since I don’t-know-when,” said Vitali Kremez of SentinelOne. “The Lazarus group has a relationship with the most sophisticated, most resourceful Russian botnet operation on the landscape.”

Clues that Lazarus and TrickBot operators are cooperating have surfaced before: in April last year, BAE researchers developed the theory that the cybercriminals were selling access to compromised organisations to Lazarus.

Subsequently, the cybersecurity arm of Japanese telecommunications company NTT speculated that North Korea might be collaborating with Lazarus and TrickBot's operators. Kremez said he found evidence. TrickBot communicated with a Lazarus-controlled server just a couple of hours before that same server was used to help break into the Chilean inter-bank network earlier this year, he said. American officials have also blamed the multi-million dollar heist on North Korea. “That’s the strongest possible evidence linking to a celebrated case of Lazarus intrusion,” said Kremez, who also said that he thinks the TrickBot operators were likely renting out their services to the North Koreans, or perhaps working on a commission basis.

Kremez is supported by the experts at Cybereason, which has published a separate report on TrickBot's operations and is reported to be certain that the cybercriminals knew that they were dealing with the North Korean government.

Sentinel One: Reuters: Cybereason
