northkorea
Latest
US will map and disrupt North Korean botnet
The US government plans to turn the tables on North Korea-linked hackers trying to compromise key infrastructure. The Justice Department has unveiled an initiative to map the Joanap botnet and "further disrupt" it by alerting victims. The FBI and the Air Force Office of Special Investigations are running servers imitating peers on the botnet, giving them a peek at both technical and "limited" identifying info for other infected PCs. From there, they can map the botnet and send notifications through internet providers and foreign governments -- they'll even send personal notifications to people who don't have a router or firewall protecting their systems.
Hackers steal personal data from 997 North Korean defectors
Hackers just caused grief for North Korean defectors. South Korea's Unification Ministry has revealed that attackers stole the personal data of 997 defectors, including their names and addresses. The breach came after a staff member at the Hana Foundation, which helps settle northerners, unwittingly opened email with malware. The defectors' data is normally supposed to be isolated from the internet and encrypted, but the unnamed staffer didn't follow those rules, officials said.
North Korea-linked hacking group stole millions from ATMs
Lazarus, North Korea-linked hacking group that was behind the notorious WannaCry attack, managed to steal tens of millions of dollars from ATMs in Asia and Africa, according to a report from security firm Symantec. The hackers deployed malware called Trojan.FastCash and infected thousands of servers that communicate with ATMs. It then used that access to approve its own fraudulent transactions and withdraw money from the machines.
North Koreans have been hiding their identities to evade sanctions
The US Department of the Treasury recently warned IT companies and individuals that individuals from North Korea are using fake online information in order to win employment for technology projects. These individuals often hide behind businesses that are nominally Chinese owned, but often are completely controlled and managed by North Koreans. The Treasury Department specifically identified two guilty companies, China Silver Star and Volsys Silver Star. Doing business with North Korea, or any business that employs North Korean citizens is, of course, against US and UN sanctions.
US charges North Korean man linked to Sony hack and WannaCry
The US Treasury Department announced today that it has sanctioned one individual and one group connected to malicious cyber activities perpetuated by North Korea's government. Park Jin Hyok, a computer programmer, was sanctioned today along with Korea Expo Joint Venture, an agency he allegedly worked for. The Treasury Department claims Hyok is part of a conspiracy responsible for the 2014 Sony Pictures hack, the 2016 Bangladesh Bank heist and last year's WannaCry ransomware attack. The Department of Justice also confirmed to reporters that it has charged Hyok with extortion, wire fraud and hacking crimes, according to Motherboard.
DOJ will reportedly charge North Korean operative for Sony hack
The Justice Department will reportedly announce charges today against at least one North Korean operative connected to the 2014 cyberattack on Sony Pictures, the Washington Post reports. Officials told the publication that computer hacking charges would be brought against Park Jin Hyok, who is said to have worked with North Korea's military intelligence agency the Reconnaissance General Bureau. It's the first time these types of charges have been brought against an operative of North Korea.
Let's hope Trump didn't give Kim Jong Un the wrong ‘direct number’
President Trump's historic meeting with Kim Jong-Un may not have resulted in the complete de-nuclearization of the Korean Peninsula, but it did lead to a fascinating exchange in which the President claims to have given Kim a "very direct number" if the North Korean leader "has any difficulty." Wired raises an interesting point about the situation, though: given President Trump's attempts to keep his own smartphones away from security-minded staffers, is it possible he inadvertently created a potential security nightmare by giving Kim his personal phone number?
The scary truths about Trump’s nuclear summit
In the first summit meeting between the leaders of the United States and North Korea, Donald Trump met with Kim Jong-un on June 12, 2018, in Singapore. The two leaders smiled warmly, posed for cameras as friends, shook hands, and Trump spoke in glowing terms of admiration about Kim at the news conference.
US government finds new malware from North Korea
Even though Donald Trump is on good terms with North Korea, the Department of Homeland Security is still following that country's ongoing cyberattack campaign (which it's dubbed "Hidden Cobra"). Now CNN reports there's a new variant of North Korean malware to look out for: Typeframe. In a report released yesterday, the DHS says it's able to download and install additional malware, proxies and trojans; modify firewalls; and connect to servers for additional instructions. These are attacks we've seen in plenty of malware variants, Typeframe is just the latest addition.
FBI links North Korea hackers to two more malware attacks
The FBI and the Department of Homeland Security have linked more malware with North Korean hackers. The agencies say state-backed hackers called Hidden Cobra have likely used remote access tool Joanap and server message block worm Brambul to infiltrate the global media, aerospace, financial and critical infrastructure sectors. The attacks are part of a North Korea cyberattack campaign that has persisted since at least 2009, the agencies wrote in a Technical Alert.
North Korea-linked hackers targeted defectors with Android spyware
When Android malware slips into the Google Play Store, it's usually there to push unwanted ads or perpetuate a scam. McAfee researchers, however, have discovered something more sinister. A North Korean group nicknamed Sun Team recently posted three apps in Google Play that were used to target defectors from the authoritarian country. The attackers contacted people through Facebook in bids to have them install seemingly innocuous "unreleased" apps for food and security. When installed, the rogue apps would send contacts, photos and text messages to the intruders using Dropbox and Russia's Yandex to both upload data and send commands.
Russia hacked the Olympics and tried to pin it on North Korea
Now that the 2018 Winter Olympics are over, we're now learning who was responsible for hacking the games' systems... and the culprit won't surprise you at all. US intelligence officials speaking anonymously to the Washington Post claimed that spies at Russia's GRU agency had compromised up to 300 Olympics-related PCs as of early February, hacked South Korean routers in January and launched new malware on February 9th, the day the Olympics began. They even tried to make it look like North Korea was responsible by using North Korean internet addresses and "other tactics," according to the American sources.
Cyber attacks reportedly cost the US as much as $109 billion in 2016
Cyber attacks are increasingly becoming a fact of life. North Korea attacked aerospace and telecom networks last year. Olympics officials confirmed a recent attack that took place during the opening ceremonies. While Russia denied its involvement in the devastating NotPetya attacks, the US has finally joined other countries in blaming Russia for them. Now, a report from the White House Council of Economic Advisers says that malicious cyber activity like this cost the US economy between $57 and $109 billion in 2016.
What Trump means when he talks nukes at the State of the Union
President Donald Trump is expected to cover five main topics in his first State of the Union address tonight, including the economy, immigration, infrastructure and trade. The fifth topic, national security, will put the spotlight on North Korea and the erratic, ad hominem nuclear standoff between North Korean leader Kim Jong-un and Trump himself. The tension of this relationship has spilled over to Twitter, where Trump has lobbed insults and threats at Kim over the past year. Trump called Kim "little Rocket Man" and declared the US' "nuclear button" was "much bigger and more powerful" than Kim's. In August, Trump promised "fire and fury" if North Korea didn't stop testing nuclear weapons, and Kim later called Trump a "mentally deranged dotard." Meanwhile, North Korea carried out more than a dozen nuclear tests throughout 2017, including launching intercontinental ballistic missiles theoretically capable of striking the US mainland. Its most recent ICBM test was in November.
North Korea gets a modern staple: lousy airport WiFi
North Korea is continuing to slowly embrace modern technology, although not in the ways you might like. The AP's Eric Talmadge has discovered that Pyongyang's airport now has WiFi, with $2 getting you 30 minutes of online time. But just like many airport hotspots, it doesn't appear to be usable -- Talmadge couldn't get a valid login even after enlisting the help of a supervisor, and it had trouble opening a page in the process. It's unclear whether this was a one-time problem or reflective of poor maintenance, but the signal is definitely there.
Facebook and Microsoft disabled slew of North Korean cyber threats
If you ask the White House, North Korea's WannaCry attack was just the tip of the iceberg. Homeland security adviser Tom Bossert reported that Facebook and Microsoft disabled a range of North Korean online threats in the past week. Facebook removed accounts and "stopped the operational execution" of ongoing attacks, while Microsoft patched existing attacks that went beyond WannaCry. Details of just what those attacks were aren't available.
US government names North Korea as the source of WannaCry
Donald Trump's homeland security adviser, Tom Bossert, said in a Wall Street Journal op-ed that "after careful investigation, the U.S. today publicly attributes the massive "WannaCry" cyberattack to North Korea." Coming during increasing tensions between the two countries over nuclear threats and Twitter outbursts, Bossert said this attribution is based on evidence and agrees with the findings from the UK and Microsoft.
North Korea hackers steal bitcoin by targeting currency insiders
Bitcoin values are skyrocketing, and North Korea appears to be trying to profit from that virtual gold rush. Secureworks reports that the Lazarus Group (a team linked to the North Korean government) has been conducting a spearphishing campaign against cryptocurrency industry workers in a bid to steal bitcoin. The attacks have tried to trick workers into compromising their computers by including a seemingly innocuous Word file that claims they need to enable editing to see the document. If they fell prey, it installed a rogue macro that quietly loaded a PC-hijacking trojan while staffers were busy looking at the bogus document.
Feds reveal technical details of North Korea's cyber attacks
North Korea has been running a hacking campaign targeting aerospace, telecommunications and financial industries in the US since 2016, according to alerts issued by the government. Homeland Security and the FBI have released the technical details of what they say are North Korean-sponsored cyber attacks in an effort to help companies protect themselves. The alerts contain IP addresses associated with Volgmer, one of the backdoor Trojans the hackers have been using for years.
North Korean hackers allegedly stole South Korean and US war plans
According to a report, North Korean hackers acquired military intel last year from South Korea that included a plan to 'decapitate' North Korean leadership. According to a South Korean lawmaker, the 235 GB of data were stolen from SK and contained detailed plans in collaboration with the US as well as contingencies and infrastructure information.
