SEOUL (Reuters) – North Korea is behind an increasingly orchestrated effort at hacking into computers of financial institutions in South Korea and around the world to steal cash for the impoverished country, a South Korean state-backed agency said in a report.
In the past, suspected hacking attempts by North Korea appeared intended to cause social disruption or steal classified military or government data, but the focus seems to have shifted in recent years to raising foreign currency, the South’s Financial Security Institute (FSI) said.
The isolated regime is suspected to be behind a hacking group called Lazarus, which global cybersecurity firms have linked to last year’s $81 million cyber heist at the Bangladesh central bank and the 2014 attack on Sony’s Hollywood studio.
The U.S. government has blamed North Korea for the Sony hack and some U.S. officials have said prosecutors are building a case against Pyongyang in the Bangladesh Bank theft.
In April, Russian cybersecurity firm Kaspersky Lab also identified a hacking group called Bluenoroff, a spin off of Lazarus, as focused on attacking mostly foreign financial institutions.
The new report, which analyzed suspected cyber attacks between 2015 and 2017 on South Korean government and commercial institutions, identified another Lazarus spinoff named Andariel.
“Bluenoroff and Andariel share their common root, but they have different targets and motives,” the report said. “Andariel focuses on attacking South Korean businesses and government agencies using methods tailored for the country.”
Pyongyang has been stepping up its online hacking capabilities as one way of earning hard currency under the chokehold of international sanctions imposed to stop the development of its nuclear weapons program.
Cyber security researchers have also said they have found technical evidence that could link North Korea with the global WannaCry “ransomware” cyber attack that infected more than 300,000 computers in 150 countries in May.
“We’ve seen an increasing trend of North Korea using its cyber espionage capabilities for financial gain. With the pressure from sanctions and the price growth in cryptocurrencies like Bitcoin and Ethereum – these exchanges likely present an attractive target,” said Luke McNamara, senior analyst at FireEye, a cybersecurity company.
North Korea has routinely…