North Korea hackers attack banks in 18 countries

  • As EU expands sanctions against DPRK

A report from a Russian online cyber security firm, Kaspersky, has observed that North Korean hackers are allegedly attacking banks in 18 countries, including Nigeria.

The organisation noted in its report that this could be regarded as the biggest bank heists in world history.

Banks and security researchers have previously identified four similar cyber-heists attempt on financial institutions in Bangladesh, Ecuador, the Philippines and Vietnam.

But researchers at Kaspersky now say the same hacking operation — known as “Lazarus” — also attacked financial institutions in Costa Rica, Ethiopia, Gabon, India, Indonesia, Iraq, Kenya, Malaysia, Nigeria, Poland, Taiwan, Thailand, and Uruguay.

This report is coming after more than a year-long investigation into the activity of “Lazarus”, the hacking group allegedly responsible for the theft of $81 million in US currency from the Central Bank of Bangladesh last year.

The suggestion that North Korea could have been behind the attack, or at least involved, has added to concerns that the Hermit Kingdom is becoming bolder in its cyber attacks against global financial institutions.

According to CNN, North Korea’s mysterious Lazarus hacking operation has been blamed for several large international cyber attacks in recent years. The hackers can be traced back to North Korea, according to Kaspersky researchers.To hide their location, hackers typically launch cyber attacks from computer servers far from home.

According to Kaspersky, the Lazarus hackers carefully routed their signal through France, South Korea and Taiwan to set up that attack server. But there was apparently one mistake spotted by Kaspersky: A connection that briefly came from North Korea.

“North Korea is a very important part of this equation,” said Vitaly Kamluk, who leads Kaspersky’s Asia-Pacific research team.

The North Korean government has reportedly denied allegations of the hack.

Kaspersky Lab itself has said despite the evidence of the North Korean IP address, that “is not enough proof to provide definitive attribution given that the connection session could have been a false flag operation.”

When contacted, Central Bank of Nigeria (CBN) Acting Director, Corporate Communications, Isaac Okorafor, said the regulator was not aware of any such occurrence.

“We have not had anything like that in Nigeria. I am not aware of any such attacks on Nigerian banks,” he said.

In the  meantime, the European Union (EU), on Thursday imposed further sanctions against the Democratic People’s Republic of Korea (DPRK).

The Council of the EU announced in a statement that it decided to expand the prohibition on investments in the DPRK to new sectors, including the conventional arms-related industry, metallurgy and metalworking, and aerospace.

The measures also include ban on the provision of certain services to persons or entities in the DPRK, namely computer services and services linked to mining and manufacturing in the chemical, mining and refining industry.

Four people and seven entities would be added to the list of those subject to EU restrictive measures.
This brings the total number of persons subject to travel restrictions and asset freeze to 41.

The EU said it took these additional restrictive measures “considering that the actions of the DPRK violated multiple UN Security Council resolutions and constitute a grave threat to international peace and security in the region and beyond.”

The DPRK on Wednesday test-fired one ballistic missile into eastern waters, South Korea’s defense ministry said.

Nation with additional report from NAN