Over 100 Targets in US Hit By North Korean Hackers
As reported in the NY Times, North Korean hackers who have targeted American and European businesses for 18 months kept up their attacks last week, even as President Trump was meeting with North Korea’s leader in Hanoi.
According to researchers at the cybersecurity company McAfee, the attacks, which include efforts to hack into banks, utilities, and oil and gas companies, began in 2017, at a time when tensions between North Korea and the United States were flaring. But even though both sides have toned down their fiery threats, the attacks persist.
The attacks began soon after the incident in 2017 when Mr. Trump mocked Kim Jong-un as “rocket man” in a speech at the United Nations in.
Victor Cha, the Korea chairman at the Center for Strategic and International Studies in Washington, said: “For 15 months, they haven’t tested weapons because of this negotiation but over those same 15 months they have not stopped their cyber activity.”
The McAfee researchers gained access to one of the main computer servers used by the North Korean hackers to stage their attacks. They did this with the help of an unnamed foreign law enforcement agency.
The McAfee researchers said they watched, in real time, as the North Koreans attacked the computer networks of more than a hundred companies in the United States and across the world. Last month, they expanded their targets to companies in Turkey, operating from a block of internet addresses traced to Namibia, one of the few countries that still maintain friendly relations with Pyongyang.
“We’ve seen them hit in excess of 100 victims. They are very active. It’s been nonstop,” said Raj Samani, McAfee’s chief scientist.
The exact motive of the attacks was not clear. They were well-researched and highly focused and, in many cases, aimed at engineers and executives who had broad access to their companies’ computer networks and intellectual property.
McAfee would not name the targets of the attacks and said it would be alerting victims and government authorities on Monday. But the firm did confirm that all of the attacks lead back to North Korean hackers.
In the United States, the most frequent marks are in Houston and New York. Other major targets included London, Madrid, Tokyo, Tel Aviv, Bangkok, Rome, Taipei, Hong Kong, and Seoul. Russia and China were relatively untouched as the two countries maintain cordial relations with North Korea.
North Korea has long been accused of using hackers to further its national interests. In 2014, North Korean hackers hit Sony Pictures Entertainment in retaliation for a movie that mocked Mr. Kim. They destroyed Sony’s computer servers, paralyzed the studio’s operations and eventually leaked embarrassing emails ahead of the 2016 elections.
North Korean hackers are known to attack banks across the world for financial gain, which is not surprising for a country ravaged by economic sanctions. The “WannaCry” attack in 2017 was also traced to North Korea.
Mr. Cha, of the Center for Strategic and International Studies, said cyber attacks remained the “third leg” of North Korea’s overall military strategy. “They’re never going to compete with the United States and South Korea soldier to soldier, tank for tank,” he said. “So they have moved to an asymmetric strategy of nuclear weapons, ballistic missiles, and the third leg is cyber that we really didn’t become aware of until Sony.”
McAfee’s researchers believe that North Korea’s hackers have significantly improved their capabilities since the Sony attack. They are much better at hiding their tracks and researching their targets. In many of the attacks McAfee witnessed, the North Korean hackers had done their homework.
The hackers would scan the business site LinkedIn, hunting for the profiles of industry job recruiters. They sent emails that appeared to come from those recruiters’ accounts. When a target clicked on an attachment or link in the email, the hackers gained access to the target’s computer.
“The campaign was clearly really well prepared. It was very well researched and targeted. They knew the individuals they were going for, and they drafted emails in such a way that their targets clicked on them,” said Christiaan Beek, McAfee’s senior principal engineer and lead scientist. The tool they used to implant malware in the recent attacks is called “Rising Sun,” a name taken from a reference in the code.
Security experts said the attacks would have to be addressed at some point if the two countries are to continue talks.
Julia Sowells
Julia Sowells is a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles, and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm as a security consultant while continuing to write for Hacker Combat in her limited spare time.