It has been denounced by FBI and the U.S. Department of Homeland Security cybersecurity experts: It could arrive from Russian Ryuk ransomware gang.
An UN leaked report: North Korea’s state sponsored hackers stole US$ 2bn to fund Pyongyang’s weapons program. Lazarus and other groups preferred cryptocurrencies, harder to trace and subject to less government oversight and regulation than the traditional banking sector
North Korea’s state sponsored hackers stole US$ 2bn to fund Pyongyang’s weapons program. It has been unveiled in a leaked United Nations report, according to Reuters. Groups as Lazarus (aka Hidden Cobra) and others targeted banks and crypto-currency exchanges to collect cash. According to the cyber security experts, the cyber attacks worked not only to gain profit, despite the international embargo. But also to avoid foreign controls about the use of the money. In fact, the stolen cryptocurrencies are harder to trace and subject to less government oversight and regulation than the traditional banking sector. On this issue, the report explains that Kim Jong-Un’s regime has violated UN sanctions by means of illicit ship-to-ship transfers, as well as obtaining items related to weapons of mass destruction.
Lazarus Kim Jong-Un state sponsored hackers not only stolen money, but also launched cyber espionage and sabotage campaigns against different targets
Cyber security community believes North Korea’s state sponsored hackers are behind many cyber attacks worldwide. Not only against cryptocurrency platform, but also on governments, industries, military, etc… The hackers group, in fact, apart from stealing money spy many target and sometimes try to sabotate “enemy” networks. Two of the latest Lazarus campaigns were Electricfish (from the malware’s name) and HOPLIGHT (the Trojan name). In the first It was implemented a custom protocol that allows traffic to be funneled between a source and a destination IP address. In the second, they generated fake TLS handshake sessions using valid public SSL certificates, disguising network connections with remote malicious actors.