Security firm: North Korean cyber hacks have continued amid summit talks

Suspected North Korean hackers have been conducting offensive cyber operations on financial institutions amid discussions between Washington and Pyongyang on a possible nuclear summit between President Trump and Kim Jong Un, a cybersecurity firm says.

An executive with FireEye said Thursday that the firm has continued to observe North Korean-linked hackers targeting financial institutions in order to siphon off money for the regime, which has been increasingly strapped for cash as a result of international sanctions.

“We’ve seen a suspected North Korean threat actor continue offensive operations against financial institutions,” said Charles Carmakal, vice president for Mandiant Consulting, a subsidiary of FireEye that provides cyber incident response to organizations across the globe. He indicated hackers are primarily targeting banking institutions in Latin America and Asia.

“What we’re observing right now, which we’ve observed for the past year in both Latin America and Asia, is essentially they are breaking into banking and financial institutions and stealing money leveraging banking systems, moving money and essentially burning the house down afterwards” likely to cover their tracks, Carmakal continued.

In recent years, cybersecurity experts have observed a pattern of North Korea-linked hackers targeting banking technology in an effort to move large sums out of foreign financial institutions to the regime.

For instance, North Korea has been linked to the massive cyber heist on Bangladesh’s central bank in 2016 in which hackers pilfered $81 million by targeting the bank’s Society for Worldwide Interbank Financial Telecommunication (SWIFT) transaction system.

More recently, hackers linked to Pyongyang have been targeting organizations involved in digital currency.

Carmakal, speaking to reporters at a conference in Washington, said that FireEye has “absolutely” observed suspected North Korean hackers recently launching attacks against organizations moving money using the SWIFT system, though he noted that hackers associated with the regime will leverage any banking technology that affords them profit. 

North Korean hackers have been active in cyberspace for several years, attracting massive attention for the brazen attack on Sony Pictures in late 2014 in retaliation for the movie “The Interview” that depicted an assassination plot on Kim.

“They continue to engage in offensive operations,” Carmakal said Thursday. “They’re one of the wildcards for us.”

The comments come as the Trump administration continues to push for a summit between Trump and the North Korean leader to discuss Pyongyang’s nuclear program.

The possibility of a summit between the two was thrown into doubt last week after Trump canceled a meeting scheduled for June 12 in Singapore.

U.S. and North Korean officials have since pressed forward with talks to arrange the summit.

On Thursday, Secretary of State Mike Pompeo said the two nations had made “real progress” in recent days toward setting conditions for the meeting, though a final decision has not yet been made.

Security professionals have observed Pyongyang’s cyber capabilities evolve in recent years, as they have expanded operations to international targets – including some activity in the United States – and leveraged their skills to steal money. 

Their attacks are not limited to financial institutions. Earlier this week, U.S. officials warned of two families of malware linked to the North Korean government that could allow hackers to conduct espionage and steal data.