North Korea, facing heavy international sanctions with more probably to come, could be turning to other means to support its expensive nuclear program designed to “easily” its neighbours like South Korea and Japan. According to security firm Kaspersky Lab, North Korea could be behind one of the biggest bank heists ever. This comes as investigators look into the activities of Lazarus, which was fingered in the theft of $81m from the Central Bank of Bangladesh last year.
In a CNN report, it was said that their activities now cover a range of banks in mostly emerging economies including Nigeria. “Researchers at Kaspersky now say the same hacking operation — known as “Lazarus” — also attacked financial institutions in Costa Rica, Ethiopia, Gabon, India, Indonesia, Iraq, Kenya, Malaysia, Nigeria, Poland, Taiwan, Thailand, and Uruguay.”
In 2013 alone, Nigeria lost about 40 billion ($1.4b at the time) to cyber criminals, representing a fraction of the over $200b lost globally to cybercrime every year. While the perpetrators of these thefts could range from individuals to groups, we don’t get to hear of many cases where states sponsor such criminal operations, but like I said, North Korea is not a normal state. Enemy states usually sponsor hacking operations to steal intellectual property, as in the case of many accusations that the US has leveled against Russia and China in the past and vice versa.
But how did Kaspersky arrive at the conclusion that North Korea is doing this?
Well, in 2014, Hollywood produced a movie mocking the North Korean leader Kim Jong Un, and shortly after that, Sony got hacked after North Korea made its displeasure with the movie public. Sony was forced to pull the movie from theatres, even though then US President Barack Obama said he thought Sony made a mistake and should have come to it. The FBI began investigating the incident and traced it back to the Lazarus hackers, and further investigation confirmed that the hackers are indeed from North Korea. That said, North Korea didn’t explicitly deny it, but their internet mysteriously went down for 19 hours in what seemed like a US retaliation.
That said, Kaspersky now says in a report presented last week at a cybersecurity conference in the Caribbean that:
“The first connections made on the day of configuration were coming from a few VPN/proxy servers indicating a testing period for the C&C (command and control) server; however, there was one short connection on that day which was coming from a very rare IP address range in North Korea. This was another artefact pointing at a possible origin of the Lazarus group or at least some of its members.”
But knowing North Korea, this won’t be just some guys in a basement trying to steal your money online; it’s more likely to be a state operation. But with all the evidence that Kaspersky has, they caution that this “is not enough proof to provide definitive attribution given that the connection session could have been a false flag operation.”
This then leaves open the possibility of other states being potential culprits, and if you think in line with online reactions, then Russia could be top of your list. Let us also point out that Kaspersky is a Russian multinational company.
This new report from Kaspersky comes two years after they released a separate report saying about 30 banks (the majority in Russia) may have been victims of a $1b heist that year.