north korea cyber attack

UN says North Korea committed cyber attacks on 17 countries

Image credit: Dreamstime

The UN Security Council has accused North Korea of launching 35 cyber attacks on 17 countries that were designed to raise money for its nuclear programme.

The country reportedly raised $2bn (£1.7bn) from its activities, with South Korea being the hardest hit as the victim of 10 of the attacks.

Thirteen countries suffered single attacks: Costa Rica, Gambia, Guatemala, Kuwait, Liberia, Malaysia, Malta, Nigeria, Poland, Slovenia, South Africa, Tunisia and Vietnam.

In 2017 North Korea was blamed for the WannaCry attacks that badly impacted the UK’s National Health Service. This was largely blamed on computers running old versions of Windows that were susceptible to since-patched security holes.

A report to the Security Council details some of the attacks as well as the country’s successful efforts to evade sanctions on coal exports in addition to imports of refined petroleum products and luxury items including Mercedes Benz S-600 cars.

Three methods were identified as the primary vectors used in the cyber attacks.

The SWIFT (Society for Worldwide Interbank Financial Telecommunication) system, a global network that enables financial institutions to send and receive information about financial transactions, was hacked into. The attacks targeted bank employee computers to access the infrastructure to send fraudulent messages and destroy evidence.

On numerous occasions cryptocurrency was stolen through attacks on both users and exchanges.

Cryptocurrency was also mined as a source of funds “for a professional branch of the military”.

The experts said they are investigating the reported attacks as attempted violations of UN sanctions, which the panel monitors.

According to a report from one unnamed country cited by the experts, stolen funds following one cryptocurrency attack in 2018 “were transferred through at least 5,000 separate transactions and further routed to multiple countries before eventual conversion” to currency that a government has declared legal money, “making it highly difficult to track the funds”.

The panel said South Korea’s Bithumb, one of the largest cryptocurrency exchanges in the world, was reportedly attacked at least four times.

It said the first two attacks in February 2017 and July 2017 each resulted in losses of approximately $7m (£5.8m), while a June 2018 attack led to a $31m (£25.7m) loss and a March 2019 attack to a $20m (£16.5m) loss.

The panel said it also investigated instances of “cryptojacking” in which malware is used to infect a computer to illicitly use its resources to generate cryptocurrency.

It said one report analysed a piece of malware designed to mine the cryptocurrency Monero “and send any mined currency to servers located at Kim Il Sung University in Pyongyang”.

In 2016 $81m was stolen from the Bangladesh Central Bank following an attack on the software powering the SWIFT system.

Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.

Recent articles