N.Korean Hackers Are Working With European Criminals

North Korean state-backed hackers appear to be cooperating with Eastern European cybercriminals according the experts at Sentinel Labs, the newly created threat intelligence divison of SentinelOne. Their finding  suggests digital gangsters and state-backed spies are finding ways to work together online. 

Lazarus Group (also known as “Lazarus,” “Hidden Cobra,” and “Kimsuky”) is an advanced persistent threat (APT) group comprised of operators from “Bureau 121”, the cyber warfare division of North Korea’s clandestine Reconnaiance General Bureau (RGB0 intelligence unit. 

The group has been active since at least 2009 and isthought to operate fromf a multitude of international locations. The 
 Sentinel Labs researcers say that the Lazarus Group, which American prosecutors accuse of organising the leak of emails from Sony Pictures and stealing millions of dollars from the Central Bank of Bangladesh, is getting access to some of its victims through a cybercrime gang dubbed “TrickBot.” 

Lazarus appears to have been interested in a variety of sectors and targets in the last eighteen months, including crypto-currency exchanges, financial institutions, non-governmental organisations, and South Korean individuals. Many North Korea cyber operators are likely not only self-funded but also tasked with earning income for the North Korean regime; Lazarus Group has likely targeted banks crypto-currency exchanges and users to achieve this goal. “For me it’s the biggest crimeware story since I don’t-know-when,” said Vitali Kremez of SentinelOne. “The Lazarus group has a relationship with the most sophisticated, most resourceful Russian botnet operation on the landscape.” 

Clues that Lazarus and TrickBot operators are cooperating have surfaced before when in  April last year BAE researchers developed the theory that the cybercriminals were selling access to compromised organisations to Lazarus.

Subsequentky, the cybersecurity arm of Japanese telecommunications company NTT speculated here that North Korea might be collaborating with Lazarus and TrickBot's operators. Kremez said he found evidence. TrickBot communicated with a Lazarus-controlled server just a couple of hours before that same server was used to help break into the Chilean inter-bank network earlier this year, he said. American officials have also blamed the multi-million dollar heist on North Korea. “That’s the strongest possible evidence linking to a celebrated case of Lazarus intrusion,” said Kremez who also that he thinks the TrickBot operators were likely renting out its services to the North Koreans, or perhaps working on a commission basis. 

Kremez is supported by the experts at Cybereason, which has published a separate report on Trickbot's operations and are reported to be certain that the cybercriminals knew that they were dealing with the North Korean government. 

Sentinel One:            Reuters:         Cybereason

You Might Also Read:

N. Korea’s Hackers Stole $2b To Fund Its Missile Program:

 

 

 

« Warning: Smart TVs Are The IoT Gateway Into Your Home
Cyber Spying For A Future War »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

City Security Magazine

City Security Magazine

City Security magazine helps promote best security practices and keep businesses informed on a wide variety of security-related issues.

Marsh

Marsh

Marsh is a global leader in insurance broking and risk management and has been a leader in combatting cyber threats since their emergence.

Taqnia Cyber

Taqnia Cyber

Taqnia Cyber specializes in the fields of cyber security, intelligence, operations, and training. It offers its services and consultations to both public and private sectors.

Secure Soft

Secure Soft

Secure Soft are experts in Computer and Information Security with a presence in Peru, Colombia and Ecuador.

EPIC Insurance Brokers & Consultants

EPIC Insurance Brokers & Consultants

EPIC is an insuarnce broker and consultancy firm. Risk management services include risk consultancy and cybersecurity insurance.

Scythe

Scythe

SCYTHE is a next generation red team platform for continuous and realistic enterprise risk assessments.

Billington CyberSecurity

Billington CyberSecurity

Billington CyberSecurity is a leading, independent education company with an exclusive focus on cybersecurity.

Schweitzer Engineering Laboratories (SEL)

Schweitzer Engineering Laboratories (SEL)

SEL specializes in creating digital products and systems that protect, control, and automate power systems around the world.

Silent Sector

Silent Sector

Silent Sector is a cybersecurity services company that specializes in providing a wide range of managed security services.

Help AG

Help AG

Help AG provides leading enterprise businesses and governments across the Middle East with strategic consultancy combined with tailored information security solutions and services.

Teleport

Teleport

Teleport is a remote-first technology company. We enable engineers to quickly access any computing resource anywhere on the planet.

PhishProtection

PhishProtection

We created Phish Protection to prevent all types of phishing including spear phishing protection and office 365 email protection for your small business.

IPKeys Cyber Partners

IPKeys Cyber Partners

IPKeys Cyber Partners, together with the IPKeys Power Partners unit, provide Cyber Security and CIP Compliance for utilities, grid operators and public safety organization across the USA.

iNovex

iNovex

iNovex is a community of innovators that work together to solve hard problems. We partner with you to meet problems head-on and push boundaries with technology solutions.

Global Resilience Federation (GRF)

Global Resilience Federation (GRF)

GRF builds, develops and connects security information sharing communities for mutual defense.

CoinCover

CoinCover

Blockchain technology is changing everything. However, it brings its own set of unique risks. Coincover ensures everyone is protected, enabling them to innovate freely, without constraints.