Tag: hackers

North Korean Hackers Target U.S. Hospitals with Ransomware Attacks

Hackers continue to be a major money source for the Kim crime family in North Korea:

Deputy Attorney General Lisa Monaco attends a briefing in New York on April 27, 2022. Monaco said on Tuesday, July 19, that the FBI and Justice Department recently disrupted the activities of a hacking group that was sponsored by the North Korean government and that targeted U.S. hospitals with ransomware. (Eduardo Munoz Alvarez/AP)

The FBI and Justice Department recently disrupted the activities of a hacking group that was sponsored by the North Korean government and that targeted U.S. hospitals with ransomware, ultimately recovering half a million dollars in ransom payments and cryptocurrency, Deputy Attorney General Lisa Monaco said Tuesday.

Monaco revealed new details of the attacks during a speech in which she encouraged organizations hit by ransomware to report the crime to law enforcement, both so that officials can investigate and so that they can help victim companies try to get ransom payments back.

In this case, Monaco said, a Kansas hospital that paid a ransom last year after being attacked by ransomware also contacted the FBI, which traced the payment and identified China-based money launderers who assisted the North Korean hackers in cashing out the illicit proceeds. The FBI was able to recover half a million dollars, including the entire ransom payment from the hospital.

Associated Press

You can read more at the link, but besides doing this for the cash these hackers are also exfiltrating private medical information. It makes me wonder how secure the DOD’s medical record servers are?

North Korean Hackers Target Defense Ministry Advisory Panel

This is a fairly simple malware attack launched by the North Koreans:

A hacker group believed to be linked to North Korea has attempted to steal data from South Korean experts working as members of an advisory panel for the defense ministry, a cybersecurity firm said Sunday.

Emails were sent to some members of the advisory panel earlier this month from hackers who disguised themselves as a North Korea-related department of the defense ministry, notifying them of an upcoming seminar on the occasion of the anniversary of a 2018 inter-Korean military agreement, according to ESTsecurity.

A few days later, another email was sent, asking the panel members to open attached papers written for the event. It had some disguised images on the attachments that appeared to be official government documents, according to ESTsecurity.

ESTsecurity said it suspects North Korea-linked hacking organization Thallium to be behind the attempted attacks.

The hackers attached malicious files disguised as government documents to emails that can install malware on users’ computers, allowing them to steal information.

Korea Times

You can read more at the link.

North Korea Reportedly Stole $316 Million Through Cyberattacks Last Year

The UN previously reported in 2019 that the Kim regime has stolen up to $2 billion through cyber attacks and last year they stole $316 million on top of that. Yet supposedly they can’t feed their own people and the Moon administration wants to funnel even more cash to the regime:

A woman wearing a face mask walks past in front of a TV screen showing a news program reporting about North Korea’s military parade, at the Seoul Railway Station in Seoul, South Korea, on January 15.

New York (CNN) North Korea’s army of hackers stole hundreds of millions of dollars throughout much of 2020 to fund the country’s nuclear and ballistic missile programs in violation of international law, according to a confidential United Nations report. The document accused the regime of leader Kim Jong Un of conducting “operations against financial institutions and virtual currency exchange houses” to pay for weapons and keep North Korea’s struggling economy afloat. One unnamed country that is a member of the UN claimed the hackers stole virtual assets worth $316.4 million dollars between 2019 and November 2020, according to the document.

CNN via a reader tip

You can read more at the link.

Seoul Says Hackers Are Responsible for Sending Official Emails Claiming Rift in US-ROK Alliance

Even if the person’s email was hacked, why were state agencies sending classified documents over an unclassified network to begin with?  This is worse than the alleged hacking:

Cheong Wa Dae is looking into possible hacking cases, in which emails intended to create a rift in alliance between South Korea and the United States have been sent out using the accounts of at least two senior officials.

Citing recipients of these emails, the presidential office said this is to either steal classified information on North Korea policy or drive a wedge into the South Korea-U.S. alliance by using fake documents.

“We take each case very seriously and asked the National Police Agency to look into them thoroughly,” a presidential aide said asking not to be named.

The latest cases increased concerns over fake news at an alarming rate. This was because vernacular newspaper The Asia Business Daily, after obtaining a fake document on the U.S. mistrust of South Korea, published a related story on Nov. 27.

“It is way beyond a misreport and what we’re facing is the most malicious case in journalism history,” said Cheong Wa Dae spokesman Kim Eui-kyeom. “The way false information has been produced and disseminated is very elaborate.”

He added Cheong Wa Dae will “hunt down those who are responsible,” claiming the information itself was aimed at creating a rift between the two allies and therefore is anti-governmental.

In the first case, someone who pretended to be Presidential Secretary for State Affairs Yun Kun-young sent mails at the beginning of this year to multiple ministry officials.

The suspect then demanded recipients to hand over digital documents related to North Korea policy.

It remains uncertain how many shared classified information with the suspect.

One of the recipients raised a question over why such sensitive content was sent through Yun’s private email address, and not the one created by Cheong Wa Dae. He called Yun to confirm accordingly.  [Korea Times]

You can read more at the link, but they don’t know who conducted the alleged hacking.  Considering that the alleged hacking was done with the purpose of creating a rift in the US-ROK alliance, China or North Korea seem like likely suspects.

ROK Police Say North Korean Hackers Did Not Access Classified Defense Documents

This is why classified information is not stored on an unclassified network because it is so easy for hackers to get access to it:

Hours after police revealed that North Korea gained access to a host of defense-related documents during a hacking attack in February, the South Korean military asserted that no military secrets were included in the leaked documents.

A military official said on Monday that most of the 42-thousand documents stolen from South Korea’s SK Networks and Korean Air by the North are already open to the public.

The leaked documents reportedly include the design map of the wing of the U.S. F-15 fighter jet and photos of parts of a medium altitude unmanned surveillance vehicle.

The compromised data of the U.S. F-15 fighter jet is said to be simple specifications of the jet’s external design such as its length and width, and has no relevance to South Korea’s F-15K.  The military said that the core part of the design of the medium altitude unmanned surveillance vehicle was not leaked.  [KBS World Radio]

North Korea Believed to Have Hacked Human Rights Activist’s Computer

Over the years I have had a number of technical problems keeping the site up, but I don’t think they were caused by the North Koreans though stories like this one make me wonder:

A prominent U.S. human rights activist claimed Friday that North Korea hacked into his computer last week which contained a document on cooperation between North Korea and Syria.

Greg Scarlatoiu, executive director at the Committee for Human Rights in North Korea, said that when he woke up at a hotel during his recent visit to Latin America, he found that his computer had been “compromised and remotely accessed.”

The Washington-based non-governmental organization has focused on shedding light on North Korea’s human rights violations and improving the North’s rights records.

“Only one document was opened. That document contains some material that I had received from Syrian human rights defenders regarding Syria-North Korea cooperation,” Scarlatoiu told Yonhap News Agency on the sidelines of a forum in Seoul.

“There is only one suspect here,” he said, referring to North Korea.

Scarlatoiu said that cyber security experts whom he has contacted said that “most likely the attack came from North Korea,” though he has no hard evidence for that. His claim has yet to be independently verified.  [Korea Times]

You can read the rest at the link.

Defector Claims that North Korea Trying to Develop Cyberattack Capability Against US Nuclear Plants

It is well known that the North Koreans have decent hacking capabilities, but if they were to attempt to take out a nuclear plant I think the gloves would have to come off to deal with them:

A North Korean defector who worked as a university professor in the country has said in an interview with the BBC that North Korea now has over 6,000 hackers.

Professor Kim Heung-Kwang taught science at a university in North Korea for 20 years. But he defected in 2004 and fled the country.

Speaking to the BBC, Kim estimated that up to 20% of North Korea’s military spending goes toward Bureau 121, the army unit believed to focus on hacking.

Kim suggests the capabilities of North Korea’s hackers are significant. He said “their cyberattacks could have similar impacts as military attacks, killing people and destroying cities.”

Another claim made in the interview is that North Korea is working to develop its own malware based on Stuxnet. North Korea was named responsible for the Sony Pictures hack, in which it used modified computer software to hack into Sony Pictures and take over the company’s servers. But now Kim says the country wants to develop a new type of malware that can target nuclear plants. [Business Insider]

You can read more at the link.

North Korea Continues to Gloat and Make Threats After Sony Hack

The Kim regime must be feeling pretty proud of themselves right now after their successful Sony hack because they continue to gloat and make threats:

While steadfastly denying involvement in the hack, North Korea accused U.S. President Barack Obama of calling for “symmetric counteraction.”

“The DPRK has already launched the toughest counteraction. Nothing is more serious miscalculation than guessing that just a single movie production company is the target of this counteraction. Our target is all the citadels of the U.S. imperialists who earned the bitterest grudge of all Koreans,” a report on state-run KCNA read.

“Our toughest counteraction will be boldly taken against the White House, the Pentagon and the whole U.S. mainland, the cesspool of terrorism,” the report said, adding that “fighters for justice” including the “Guardians of Peace” — a group that claimed responsibility for the Sony attack — “are sharpening bayonets not only in the U.S. mainland but in all other parts of the world.” (CNN)

You can read more at the link.

North Korea Makes New Threat Against US Over Sony Hack Investigation; How Should the US Respond?

North Korea looks like they want to take a page out of the playbook they used for the sinking of the Cheonan, where everyone knew they did it, but by continuing to deny it, it allows their allies like Russia and China to help cover for them to prevent any real consequences for the attack:

North Korea said U.S. accusations that it was involved in a cyberattack on Sony Pictures were “groundless slander” and that it wanted a joint investigation into the incident with the United States.

An unnamed spokesman of the North’s foreign ministry said there would be “grave consequences” if Washington refused to agree to the joint probe and continued to accuse Pyongyang, the official KCNA news agency reported on Saturday.

On Friday, President Barack Obama blamed North Korea for the devastating cyberattack, which led to the Hollywood studio cancelling “The Interview”, a comedy on the fictional assassination of North Korean leader Kim Jong Un.

In its first substantive response to the accusation, the isolated North Korea said it could prove it had nothing to do with the massive hacking attack.

“We propose to conduct a joint investigation with the U.S. in response to groundless slander being perpetrated by the U.S. by mobilizing public opinion,” the North Korean spokesman said.

“If the U.S. refuses to accept our proposal for a joint investigation and continues to talk about some kind of response by dragging us into the case, it must remember there will be grave consequences,” the spokesman said.  [Reuters]

You can read more at the link, but North Korea is back making threats against the US again.  It will be interesting to see what the US response will be, but I do not see this as an act of war as some people are claiming.  Why should poor network security by a company be a reason to draw the US into a war?  This is a crime, not an act of war.  Pushing for further members of the Kim regime to be tried at the International Criminal Court would be one way to respond.  It is highly symbolic, but it would be highly embarrassing for the Kim regime just like the past referral of North Korea for human rights violations was.  Putting North Korea back on the State Sponsors of Terrorism List, a list they never should have been taken off of in the first place, would be another way to respond.  Finally, as One Free Korea points out, taking financial action against the regime could be the most effective way to really get the attention of the Kim regime to act as a deterrent against such a cyberattack in the future.