A North Korean hacking group focused on financial gain for the rogue state has penetrated banks around the world with a series of ongoing attacks, and has tried to steal at least $1.1 billion over the last four years, according to a new tally by cyber-security firm FireEye Inc.
The group, which FireEye identified as APT38, has infiltrated more than 16 organizations in 11 countries including the U.S., and stolen more than $100 million. The hackers have gotten past heavily defended servers at banks and spent time scouring the networks. Security officials should be alarmed, FireEye said last week in a report.
“What sets the North Koreans apart is they wait an average of 155 days before they steal the money,” Charles Carmakal, vice president of consulting at FireEye, said in an interview. “They understand banking networks pretty well. And they probably have geopolitical considerations behind the timing, location of their attacks.”
The most prominent attack by APT38 was the theft of funds from the Bangladeshi central bank’s accounts at the U.S. Federal Reserve in 2016. In that case, the hackers got the Fed to transfer some $100 million by sending fake wiring orders. About $40 million was recovered when the hack was discovered and transfers were reversed before they could be withdrawn.
In January, Mexico’s state-owned trade bank thwarted the attempted theft of $110 million using similar methods. In May, a Chilean bank lost $10 million. All were carried out by APT38, FireEye said in its report.
North Korean diplomats and official media have denied that the country plays any role in cyber attacks.
In its recent attacks, the group “burns the house down,” wiping out computer hard drives to erase its tracks, Carmakal said. Even as other attacks continue, APT38 hasn’t targeted American banks amid North Korea’s peace talks with the U.S., he said.
Banks and other financial institutions are targeted by the most sophisticated cyber criminals, who are attracted to the lure of big-money paydays, FireEye and other groups have said. That has prompted banks to outspend other industries to protect themselves, with the biggest U.S. firms’ annual cyber-security budgets reaching $1 billion.
Financial firms face the highest number of attempted breaches from computer addresses that have been already blocked because of prior misbehavior, according to a report set for release Tuesday by cyber-security firm eSentire. That points to targeted campaigns and persistent efforts by sophisticated attackers, according to Eldon Sprickerhoff, founder and chief innovation officer of eSentire.
Related:
- U.S. Charges North Korean Hacker for WannaCry and Sony Cyber Attacks
- U.S. Intelligence Warning: Cyber Threats Against U.S. Occurring Daily
- Global Shipping Still Reeling from Cyber Attack; Insurers Warn of Coverage Gaps
- India Cyber Bank Heist Used ‘Similar’ Methods to $81M Bangladesh Bank Hack
- U.S. Says North Korea to Blame for ‘WannaCry’ Cyber Attack
- Global Banks Face ‘Significant Evolution’ in Cyber Threat Level: SWIFT
- New Digital Evidence Emerges of N. Korea Connection to Bangladesh Bank Heist
- Heist of $81M from Bangladesh Bank Blamed on ‘State-Sponsored Attack’
- SWIFT Official Warns Banks of Escalating, More Sophisticated Cyber Threats
Was this article valuable?
Here are more articles you may enjoy.