![]() Delacourt of the FBI’s Los Angeles Field Office. Demers, First Assistant United States Attorney for the Central District of California Tracy Wilkison and Assistant Director in Charge Paul D. ![]() Wray, Assistant Attorney General for National Security John C. The charges were announced by Attorney General Jeff Sessions, FBI Director Christopher A. The Conspiracy’s malicious activities include the creation of the malware used in the 2017 WannaCry 2.0 global ransomware attack the 2016 theft of $81 million from Bangladesh Bank the 2014 attack on Sony Pictures Entertainment (SPE) and numerous other attacks or intrusions on the entertainment, financial services, defense, technology, and virtual currency industries, academia, and electric utilities. The complaint alleges that Park was a member of a government-sponsored hacking team known to the private sector as the “Lazarus Group,” and worked for a North Korean government front company, Chosun Expo Joint Venture (a/k/a Korea Expo Joint Venture or “KEJV”), to support the DPRK government’s malicious cyber actions. "While Kaspersky discovered the use of Dtrack and Maui, we've observed the use of VSingle, YamaBot and MagicRAT," the analysts noted.A criminal complaint was unsealed today charging Park Jin Hyok (박진혁 a/k/a Jin Hyok Park and Pak Jin Hek), a North Korean citizen, for his involvement in a conspiracy to conduct multiple destructive cyberattacks around the world resulting in damage to massive amounts of computer hardware, and the extensive loss of data, money and other resources (the “Conspiracy”). The "critical difference" between the two, according to Talos, is the malware. It's also similar to the Maui ransomware campaign used against US health-care organizations earlier this year that Kaspersky later attributed to Andariel, a North Korean state-sponsored threat with links to the notorious Lazarus Group. "This activity aligns with historical Lazarus intrusions targeting critical infrastructure and energy companies to establish long-term access to siphon off proprietary intellectual property." "The main goal of these attacks was likely to establish long-term access into victim networks to conduct espionage operations in support of North Korean government objectives," An, Malhotra and Ventura wrote. These cyberattacks on cryptocurrency exchanges and financial institutions help fund North Korea's nuclear and ballistic missile programs and support the country's claimed three top objectives: causing disruption, conducting cyberespionage, and raising money.Īnd this latest campaign against energy firms fits into these larger objectives, too. In July, Uncle Sam offered a $10 million reward for information on members of state-sponsored North Korean threat groups including Lazarus, double the amount that the US State Department announced back in April.Īlso in April, the Feds attributed the $620 million Axie Infinity heist to North Korea's Lazarus Group, and fingered the gang's getaway wallet address.Īnd a few months later, investigators at a blockchain analysis outfit linked the $100 million Harmony crypto theft to Kim Jong-un's cyber goons. But then, again, Pyongyang has never shied away from exploiting a global catastrophe - or a software vulnerability - for financial gain. The fact that this campaign targets energy providers is especially troubling as energy costs skyrocket due to the war in Ukraine, reaching crisis status in Europe. This includes more general recon efforts as well as moving laterally through the energy companies' networks, stealing employees' credentials and exfiltrating data. FBI warns of North Korean cyberspies posing as foreign IT workersĪfter deploying the implants, the North Korean spies perform all manner of malicious deeds to bolster Kim's regime, according to the Talos research. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |