United Nations Investigating N Korean Cyber Attacks

The United Nations is now investigating 30 North Korean cyber-attacks against 17 different countries. North Koreans the UN says is using cyber-attacks to raise money for weapons of mass destruction programmes. Now the UN is calling for sanctions against ships providing petrol and diesel on route to N. Korea.

Recently, The Associated Press quoted a report from the cyber security specialist firm FireEye which said that North Korea stole as much as US $2.77 billion using cyber-attacks on banks and finance organisations. 

The Report suggest that S. Korea was the hit hardest by ten attacks, India had three, Bangladesh and Chile were hit by three attacks and another 13 countries were hit at least once Costa Rica, Gambia, Guatemala, Kuwait, Liberia, Malaysia, Malta, Nigeria, Poland, Slovenia, South Africa, Tunisia and Vietnam.

The Report says there are three main ways that North Korean hackers operate:

  • Attacks through the Society for Worldwide Interbank Financial Telecommunication or Swift system used to transfer money between banks, "with bank employee computers and infrastructure accessed to send fraudulent messages and destroy evidence".
  • Theft of crypto-currency "through attacks on both exchanges and users".
  • "Mining" of crypto-currency as a source of funds for a professional branch of the military".
  • The FireEye experts say that these increasingly sophisticated attacks "is low risk and high yield", often requiring just a laptop computer and access to the Internet.

The report to the UN Security Council provides details on some of the North Korean cyber-attacks as well as the country's successful efforts to evade sanctions on coal exports in addition to imports of refined petroleum products and luxury items including Mercedes-Benz S-600 cars.

One Mercedes Maybach S-Class limousine and other S-600s, as well as a Toyota Land Cruiser, were transferred from North Korea to Vietnam for last February's summit between North Korean leader Kim Jong Un and US President Donald Trump. 
The panel recommended sanctions against six North Korean vessels for evading sanctions and illegally carrying out ship-to-ship transfers of refined petroleum products. 

Under UN sanctions, North Korea is limited to importing 500,000 barrels of such products annually including petrol and diesel. The United States and 25 other countries said North Korea exceeded the limit in the first four months of this year.

The panel also recommended sanctions against the captain, owner and parent company of the North Korean-flagged Wise Honest, which was detained by Indonesia in April last year with an illegal shipment of coal.

The experts said North Korean cyber actors have been targeting crypto-currency exchanges in South Korea, some repeatedly.

Straits Times

You Might Also Read: 

Surge Of Attacks On Banking & Finance Using N Korean Tools:


 

« Webinar: How to Build a Threat Detection Strategy in AWS
Airlines Think Biometrics Will Improve Passengers' Experience »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Protegrity

Protegrity

Protegrity is an enterprise and cloud data security software for data-centric encryption and tokenization to protect sensitive data while maintaining usability.

Armadillo Sec

Armadillo Sec

Armadillo provide penetration testing and vulnerability assessment services.

Zeneth Technology Partners

Zeneth Technology Partners

Zeneth is a consulting firm providing information technology and cybersecurity services to federal and commercial clients.

SySS

SySS

SySS is a market leader in penetration testing in Germany and Europe.

The Security Awareness Company (SAC)

The Security Awareness Company (SAC)

The Security Awareness Company provides cyber security awareness training programs for companies of all sizes.

ENAC

ENAC

ENAC is the national accreditation body for Spain. The directory of members provides details of organisations offering certification services for ISO 27001.

Center for Education & Research in Information Assurance & Security (CERIAS)

Center for Education & Research in Information Assurance & Security (CERIAS)

CERIAS is one of the world’s leading centers for research and education in areas of information and cyber security.

RIA in a Box

RIA in a Box

MyRIACompliance combines our team of RIA compliance experts with an online software platform to help investment advisers better manage regulatory compliance and cybersecurity responsibilities.

Socure

Socure

Socure’s identity verification increases auto approval rates, reduces false positives and captures more fraud. In real time.

SilverSky

SilverSky

SilverSky offers a comprehensive suite of products and services that deliver unprecedented simplicity and expertise for compliance and cybersecurity programs.

Presidio

Presidio

Presidio is a leading North American IT solutions provider focused on Digital Infrastructure, Business Analytics, Cloud, Security & Emerging solutions.

watchTowr

watchTowr

Continuous Attack Surface Testing, with the watchTowr Platform. The future of Attack Surface Management.

Aceiss

Aceiss

Aceiss empowers access security, providing unprecedented visibility and insights into user access.

SecAI

SecAI

SecAI is an innovative threat intelligence-driven, and AI-powered vendor aiming at cyber threat detection and response.

Seiber

Seiber

Seiber are a UK based Cyber Security company who provide consultancy and training services. Our objective is to stop bad things happening to good people.

Shieldworkz

Shieldworkz

Shieldworkz secure Operational Technology environments and protect businesses with best-in-class professional services and cyber security solutions.