N. Korean Hackers Are Working With European Criminals

North Korean state-backed hackers appear to be cooperating with Eastern European cybercriminals, according to the experts at Sentinel Labs, the newly created threat intelligence division of SentinelOne. Their finding suggests digital gangsters and state-backed spies are finding ways to work together online.

Lazarus Group (also known as “Lazarus,” “Hidden Cobra,” and “Kimsuky”) is an advanced persistent threat (APT) group comprised of operators from “Bureau 121”, the cyber warfare division of North Korea’s clandestine Reconnaissance General Bureau (RGB) intelligence unit.

The group has been active since at least 2009 and is thought to operate from a multitude of international locations. The Sentinel Labs researchers say that the Lazarus Group, which American prosecutors accuse of organising the leak of emails from Sony Pictures and stealing millions of dollars from the Central Bank of Bangladesh, is getting access to some of its victims through a cybercrime gang dubbed “TrickBot.”

Lazarus appears to have been interested in a variety of sectors and targets in the last eighteen months, including crypto-currency exchanges, financial institutions, non-governmental organisations, and South Korean individuals. Many North Korean cyber operators are likely not only self-funded but also tasked with earning income for the North Korean regime; Lazarus Group has likely targeted banks, crypto-currency exchanges and users to achieve this goal. “For me it’s the biggest crimeware story since I don’t-know-when,” said Vitali Kremez of SentinelOne. “The Lazarus group has a relationship with the most sophisticated, most resourceful Russian botnet operation on the landscape.”

Clues that Lazarus and TrickBot operators are cooperating have surfaced before: in April last year, BAE researchers developed the theory that the cybercriminals were selling access to compromised organisations to Lazarus.

Subsequently, the cybersecurity arm of Japanese telecommunications company NTT speculated that North Korea might be collaborating with Lazarus and TrickBot's operators. Kremez said he found evidence. TrickBot communicated with a Lazarus-controlled server just a couple of hours before that same server was used to help break into the Chilean inter-bank network earlier this year, he said. American officials have also blamed the multi-million dollar heist on North Korea. “That’s the strongest possible evidence linking to a celebrated case of Lazarus intrusion,” said Kremez, who also said that he thinks the TrickBot operators were likely renting out their services to the North Koreans, or perhaps working on a commission basis.

Kremez is supported by the experts at Cybereason, which has published a separate report on TrickBot's operations and is reported to be certain that the cybercriminals knew that they were dealing with the North Korean government.

Sentinel One: Reuters: Cybereason
