North Korea's Unit 180 Managed WannaCry Attack

WannaCry ransomware cyber-attack has hit more than 200,000 computers in 150 countries…

A hacking group closely tied to North Korea was behind the massive WannaCry attack earlier this month, security company Symantec says.

The way the attack was set up made it "highly likely" that the Lazarus group was responsible, it said. 

Lazarus has been blamed for a 2014 attack on Sony and the theft of $81m (£62m) from Bangladesh's central bank. In those attacks, the group is believed to have worked on behalf of North Korea's government.

North Korea's main spy agency has a special cell called Unit 180 that is likely to have launched some of its most daring and successful cyber-attacks, according to defectors, officials and internet security experts.
North Korea has been blamed in recent years for a series of online attacks, mostly on financial networks, in the United States, South Korea and over a dozen other countries. 
Kim Heung-kwang, a former computer science professor in North Korea who defected to the South in 2004 and still has sources inside North Korea, said Pyongyang's cyber-attacks aimed at raising cash are likely organized by Unit 180, a part of the Reconnaissance General Bureau (RGB), its main overseas intelligence agency.

"Unit 180 is engaged in hacking financial institutions (by) breaching and withdrawing money out of bank accounts," Kim told Reuters. He has previously said that some of his former students have joined North Korea's Strategic Cyber Command, its cyber-army.

"The hackers go overseas to find somewhere with better internet services than North Korea so as not to leave a trace," Kim added. He said it was likely they went under the cover of being employees of trading firms, overseas branches of North Korean companies, or joint ventures in China or Southeast Asia.

Cyber security researchers have also said they have found technical evidence that could link North Korea with the global WannaCry "ransomware" cyber-attack that infected more than 300,000 computers in 150 countries this month. Pyongyang has called the allegation "ridiculous".

The crux of the allegations against North Korea is its connection to a hacking group called Lazarus that is linked to last year's $81 million cyber heist at the Bangladesh central bank and the 2014 attack on Sony's Hollywood studio. The US government has blamed North Korea for the Sony hack and some US officials have said prosecutors are building a case against Pyongyang in the Bangladesh Bank theft. 

No conclusive proof has been provided and no criminal charges have yet been filed. North Korea has also denied being behind the Sony and banking attacks.

North Korea is one of the most closed countries in the world and any details of its clandestine operations are difficult to obtain. But experts who study the reclusive country and defectors who have ended up in South Korea or the West have provided some clues.

Kim Heung-kwang, a former computer science professor in North Korea who defected to the South in 2004 and still has sources inside North Korea, said Pyongyang's cyber-attacks aimed at raising cash are likely organized by Unit 180, a part of the Reconnaissance General Bureau (RGB), its main overseas intelligence agency.
"Unit 180 is engaged in hacking financial institutions (by) breaching and withdrawing money out of bank accounts," Kim told Reuters. He has previously said that some of his former students have joined North Korea's Strategic Cyber Command, its cyber-army.
"The hackers go overseas to find somewhere with better internet services than North Korea so as not to leave a trace," Kim added. He said it was likely they went under the cover of being employees of trading firms, overseas branches of North Korean companies, or joint ventures in China or Southeast Asia.

James Lewis, a North Korea expert at the Washington-based Center for Strategic and International Studies, said Pyongyang first used hacking as a tool for espionage and then political harassment against South Korean and U.S. targets.
"They changed after Sony by using hacking to support criminal activities to generate hard currency for the regime," he said. 
"So far, it's worked as well or better as drugs, counterfeiting, smuggling, all their usual tricks," Lewis said.
The US Department of Defense said in a report submitted to Congress last year that North Korea likely "views cyber as a cost-effective, asymmetric, deniable tool that it can employ with little risk from reprisal attacks, in part because its networks are largely separated from the Internet".
"It is likely to use Internet infrastructure from third-party nations," the report said.
South Korean officials say they have considerable evidence of North Korea's cyber warfare operations.
"North Korea is carrying out cyber-attacks through third countries to cover up the origin of the attacks and using their information and communication technology infrastructure," Ahn Chong-ghee, South Korea's vice foreign minister, told Reuters in written comments.

Besides the Bangladesh Bank heist, he said Pyongyang was also suspected in attacks on banks in the Philippines, Vietnam and Poland.

In June last year, police said the North hacked into more than 140,000 computers at 160 South Korean companies and government agencies, planting malicious code as part of a long-term plan to lay the groundwork for a massive cyber-attack on its rival.  

North Korea was also suspected of staging cyber-attacks against the South Korean nuclear reactor operator in 2014, although it denied any involvement.
That attack was conducted from a base in China, according to Simon Choi, a senior security researcher at Seoul-based anti-virus company Hauri Inc.
"They operate there so that regardless of what kind of project they do, they have Chinese IP addresses," said Choi, who has conducted extensive research into North Korea's hacking capabilities.
Malaysia has also been a base for North Korean cyber operations, according to Yoo Dong-ryul, a former South Korean police researcher who studied North Korean espionage techniques for 25 years.
They work in trading or IT programming companies on the surface," Yoo told Reuters. "Some of them run websites and sell game and gambling programs".
Two IT firms in Malaysia have links to North Korea's RGB spy agency, according to a Reuters investigation this year, although there was no suggestion either of them was involved in hacking.

Michael Madden, a US-based expert on the North Korean leadership, said Unit 180 was one of many elite cyber warfare groups in the North Korean intelligence community.
"The personnel are recruited from senior middle schools and receive advanced training at some elite training institutions," Madden told Reuters. 
"They have a certain amount of autonomy in their missions and tasking as well," he said, adding that they could be operating from hotels in China or Eastern Europe.
In the United States, officials said there was no conclusive evidence that North Korea was behind the WannaCry ransomware, but that was no reason to be complacent.
"Whether or not they are directly involved with ransomware doesn't change the fact that they are a real cyber threat," said a senior administration official, who spoke on condition of anonymity.

Dmitri Alperovitch, co-founder of prominent US security firm CrowdStrike Inc, added: "Their capabilities have improved steadily over time, and we consider them to be a threat actor that is capable of inflicting significant damage on US private or government networks."

BBC:        Ein News:      Ein News

You Might Also Read:

SWIFT Hackers Linked to ‘North Korean’ Lazarus Group:

What We Know About The WannaCry Cyberattack So Far:

WannaCry Attack Is A Big Wake-Up Call:

Microsoft, Kaspersky & Symnantec Weigh In On WannaCry Ransomware:

 

 

« A Major Development in Deep-Learning
Electronic Warfare Development Rate »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

SOTI

SOTI

SOTI is an industry leader in Enterprise Mobility Management (EMM).

Northbridge Insurance

Northbridge Insurance

Northbridge is a leading Canadian business insurance provider. Services offered include Cyber Risk insurance.

Jetico

Jetico

Jetico provides pure & simple data protection software for all sensitive information throughout the lifecycle. Solutions include data encryption and secure data erasure.

Global Information Assurance Certification (GIAC)

Global Information Assurance Certification (GIAC)

GIAC provides certification in the knowledge and skills necessary for a practitioner in key areas of computer, information and software security.

CyberOne

CyberOne

CyberOne (formerly Comtact) offer a full stack cybersecurity service to ensure our customers understand the cyber maturity of their organisation.

Luxembourg Office of Accreditation & Surveillance (OLAS)

Luxembourg Office of Accreditation & Surveillance (OLAS)

OLAS is the national accreditation body for Luxembourg. The directory of members provides details of organisations offering certification services for ISO 27001.

Naukrigulf

Naukrigulf

Naukrigulf.com is one of the fastest growing job sites in the Gulf, with thousands of registered job seekers and a robust CV database across many sectors, including cybersecurity.

Blockchains LLC

Blockchains LLC

Blockchains is committed to changing the world for the better. Using blockchain and other innovative technologies, we’ll build new systems, new security, and new interactions.

BluBracket

BluBracket

BluBracket is the first comprehensive security solution that makes code safe—so developers can innovate and collaborate, and security teams can sleep at night.

Centraleyes

Centraleyes

Centraleyes (formerly CyGov) is a cutting-edge integrated cyber risk management platform that gives organizations unparalleled understanding of their cyber risk and compliance.

CICRA Consultancies

CICRA Consultancies

Cicra Consultancies is a company that specializes in cyber security. Our major activities are guided by three main principles: Prevent, Investigate, Prosecute.

Cyber Management Alliance

Cyber Management Alliance

Cyber Management Alliance is closing the divide in cyberspace by bringing together the best qualities of thought leadership and operational mastery of cyber security management.

Information Technology Solutions (ITS)

Information Technology Solutions (ITS)

Information Technology Solutions is a single source provider for managing and securing mission-critical IT services.

HEAL Security

HEAL Security

HEAL Security is the global authority for cybersecurity data, research and insights across the healthcare sector.

Trustack

Trustack

Trustack services cover connectivity, infrastructure services, security, unified comms, agile working and more. Our team of consultants deliver customised solutions tailored to your needs.

Standard Notes

Standard Notes

Standard Notes is a secure digital notes app that protects your notes and files with audited, industry-leading end-to-end encryption.