North Korea’s ‘Reaper’ hacking group is stepping up its cyber warfare capabilities and is an …

North Korea‘s Reaper hacking group is stepping up its cyber warfare capabilities and is an ‘advanced persistent threat, a leading US cybersecurity firm has warned.

FireEye identified the Pyongyang-linked group it dubbed ‘APT37’ – standing for ‘advanced persistent threat’ – in a report on Tuesday.

It’s the first time that FireEye had used the designation for a North Korean-based group.

Analysts say the isolated and impoverished, but nuclear-armed North has stepped up hacking operations partly to raise money for the cash-strapped regime, which is subject to multiple sanctions over its atomic weapons and ballistic missile programmes.

FireEye said the cyber espionage group, previously known only for targeting South Korea’s government and private sector, has become more sophisticated.

Scroll down for video

Analysts say the isolated and impoverished, but nuclear-armed North has stepped up hacking operations partly to raise money for the cash-strapped regime. Pictured, North Korean leader Kim Jong-un

Analysts say the isolated and impoverished, but nuclear-armed North has stepped up hacking operations partly to raise money for the cash-strapped regime. Pictured, North Korean leader Kim Jong-un

Analysts say the isolated and impoverished, but nuclear-armed North has stepped up hacking operations partly to raise money for the cash-strapped regime. Pictured, North Korean leader Kim Jong-un

Last year, it hit further afield including in Japan and the Middle East, the security researchers said.

Cyber attacks linked by experts to North Korea have targeted aerospace, telecommunications and financial companies in recent years, disrupting networks and businesses around the world.

But North Korea rejects accusations it has been involved in hacking.

FireEye said the state-connected Reaper hacking organisation, which it dubbed APT37, had previously operated in the shadows of Lazarus Group, a better-known North Korean spying and cybercrime group widely blamed for the 2014 Sony Pictures and 2017 global WannaCry attacks.

APT37 had spied on South Korean targets since at least 2012, but has been observed to have expanded its scope and sophistication to hit targets in Japan, Vietnam and the Middle East only in the last year, FireEye said in a report.

White House homeland security adviser Tom Bossert speaks about the WannaCry virus during a briefing at the White House last December

White House homeland security adviser Tom Bossert speaks about the WannaCry virus during a briefing at the White House last December

White House homeland security adviser Tom Bossert speaks about the WannaCry virus during a briefing at the White House last December

John Hultquist, FireEye’s director of intelligence analysis, said the reappraisal came after researchers found that the spy group showed itself capable of rapidly exploiting multiple ‘zero-day’ bugs – previously unknown software glitches that leave security firms no time to defend against attacks.

‘Our concern is that their (international) brief may be expanding, along with their sophistication,’ Hultquist said. ‘We believe this is a big thing’.

APT37 has focused on covert intelligence gathering for North Korea, rather than destructive attacks or financial cyber crime, as Lazarus Group and other similar hacking groups have been shown to engage in order to raise funds for the regime, it said.

The group appears to be connected to attack groups previously described as ScarCruft by security researchers at Kaspersky and Group123 by Cisco’s Talos unit, FireEye said.

‘We assess with high confidence that this activity is carried out on behalf of the North Korean government given malware development artefacts and targeting that aligns with North Korean state interests,’ the security report said.

APT37 concentrated mainly on South Korean government, military, defence industrial organisations and the media sector, as well as targetting North Korean defectors and human rights groups, from 2014 until 2017, according to the report.

But since last year, its focus has expanded to include an organisation in Japan associated with the United Nations missions on human rights and sanctions against the regime and the director of a Vietnamese trade and transport firm.

Its spy targets included a Middle Eastern financial company as well as an unnamed mobile network operator, which FireEye said had provided mobile phone service in North Korea until business dealings with the government fell apart.

FireEye declined to name the firm involved, but Egypt’s Orascom provided 3G phone service in the country via a joint venture from 2002 to 2015, until the North Korean regime seized control of the venture, according to media reports.

Asked for comment, a spokeswoman for Orascom said she had no immediate knowledge of the matter and was looking into it.

Related:

Suspected North Korean cyber espionage group reportedly expands operations’ sophistication and …

A suspected North Korean cyber espionage group’s operations were expanding in sophistication and scope, a new analysis has suggested. There were fears that the group’s recent activity laid the groundwork for attacks.

Earlier this month, a California-based cybersecurity company FireEye published a blog which detailed the use of an Adobe Flash zero-day vulnerability (CVE-2018-4878) by a suspected North Korean cyber espionage group. The company now track that group as APT37 (Reaper).

In an analysis of APT37’s activity, it found that the group’s operations are expanding, with a toolset that includes access to zero-day vulnerabilities and wiper malware. “We assess with high confidence that this activity is carried out on behalf of the North Korean government given malware development artifacts and targeting that aligns with North Korean state interests,” FireEye wrote.

It appeared that North Korea has been utilising previously unidentified holes in the Internet in order to carry out cyberespionage. That could possibly transform into cyberattacks.

There have been allegations that North Korean leader Kim Jong Un’s cyberwarriors were causing huge disruptions in the past years, which include a hack on Sony Pictures in 2014 as well as the WannaCry ransomware worm last year, which affected companies, banks and hospitals around the world. There were also reported attacks on South Korean servers.

The North Korean regime has reportedly funnelled a big amount of money and invested time into building a cyber-army that could outsmart technologically advanced countries like South Korea. North Korea was accused of attacks in South Korea, such as the hacking of a South Korean cryptocurrency exchange.

The Washington Post reports FireEye as saying that it has “high confidence” that a cyberespionage group it has identified was responsible for a number of attacks, not only in South Korea but also in Japan, Vietnam and the Middle East. There were suggestions that Lazarus, the collective that launched the attack on Sony has links to the North Korean regime.

Meanwhile, intelligence sources reportedly revealed that the United States was drawing up plans for cyber attacks on North Korea as Pyongyang said it is ready for “both dialogue and war.” Washington’s potential plans could focus on digital instead of conventional warfare.

A cyber attack could prevent the loss of lives and it could cripple Pyongyang’s online communications. It would negatively impact its ability to control its military. The Worldwide Threat Assessment has forecasted an increased potential for attacks in the cyber-realm.

Related:

North Korean hackers ramp up cyber aggression, says report

APT37 was “primarily based in North Korea”, it said, and its choice of targets “aligns with North Korean state interests”.

“We assess with high confidence that this activity is carried out on behalf of the North Korean government,” it added.

APT37 has been active at least since 2012, it said, previously focused on “government, military, defence industrial base and media sector” in the rival South before widening its range to include Japan, Vietnam and the Middle East last year, and industries ranging from chemicals to telecommunications.

“This group should be taken seriously,” FireEye added.

FireEye’s first APT was identified in a 2013 report by company division Mandiant, which said that hackers penetrating US newspapers, government agencies and companies “are based primarily in China and that the Chinese government is aware of them”.

One group, it said then, was believed to be a branch of the People’s Liberation Army in Shanghai called Unit 61398. Five of its members were later indicted by US federal prosecutors on charges of stealing information from US firms, provoking a diplomatic row between Washington and Beijing.

“We have seen both North Korean and Chinese operations range from simplistic to very technically sophisticated,” FireEye’s director of intelligence analysis, John Hultquist, said.

“The sharpest difference between the two really lies in the aggressive nature of North Korean operations,” he added.

“Whereas Chinese actors have typically favoured quiet espionage, North Korea has demonstrated a willingness to carry out some very aggressive activity, ranging from attack to outright global crime.”

But the WannaCry ransomware, he believes, was the work of a different North Korean group. “Thus far, we have only found APT37 doing the quiet espionage but they are a tool the regime can use aggressively.”

The North is known to operate an army of thousands of well-trained hackers that have attacked South Korean firms, institutions and even rights groups helping North Korean refugees.

Its cyber warfare abilities first came to prominence when it was accused of hacking into Sony Pictures Entertainment to take revenge for The Interview, a satirical film that mocked its leader Kim Jong-un.

More recently, according to analysts, the North’s hackers have stepped up campaigns to raise funds by attacking cryptocurrency exchanges as the value of bitcoin and other cybercurrencies soared.

AFP

Related:

North Korea’s growing criminal cyberthreat

(The Conversation is an independent and nonprofit source of news, analysis and commentary from academic experts.)

Dorothy Denning, Naval Postgraduate School

(THE CONVERSATION) The countries posing the greatest cyberthreats to the United States are Russia, China, Iran and North Korea. Like its counterparts, Kim Jong Un’s regime engages in substantial cyber espionage. And like Russia and Iran, it launches damaging cyberattacks that wipe data from computer disks and shut down online services.

But the North Korean cyberthreat is different in two ways. First, the regime’s online power did not grow out of groups of independent hackers. Even today, it seems unlikely the country has hackers who operate independent of the government. Second, North Korea’s cybercrime efforts – all seemingly state-sponsored – steal money that is then used to fund its cash-strapped government.

One reason for North Korea’s apparent lack of independent hackers is that most North Koreans do not have internet access. Although the country has had an internet connection through China for several years, it’s reserved for elites and foreign visitors. Would-be hackers can’t launch attacks across borders; they can’t even pick up hacking manuals, code and tips from the many online forums that other hackers in other nations use to learn the trade and share information.

On top of that, North Korea maintains exceptionally strong controls over its population. Any hacking attributed to North Korea is likely done for the government if not by the government directly.

North Korea’s cyber warriors work primarily for the General Bureau of Reconnaissance or the General Staff Department of the Korean People’s Army. Prospective candidates are selected from schools across the country and trained in cyber operations at Pyongyang University of Automation and other colleges and universities. By 2015, the South Korean military estimated the KPA employed up to 6,000 cyber warfare experts.

North Korean hackers operate from facilities in China and other foreign countries where their government sends or permits them to work. Indeed, the country has reportedly sent hundreds of hackers into nearby countries to raise money for the regime. Many of the cyberattacks attributed to North Korea have been traced back to locations inside China.

North Korea has been using cyber operations to spy on the U.S. and South Korea since at least 2004. U.S. targets have included military entities and the State Department. North Korea uses cyber espionage to acquire foreign technology, including technologies relating to weapons of mass destruction, unmanned aerial vehicles and missiles.

By 2009, North Korea had expanded its cyber operations to include acts of sabotage. The first of these took place in July 2009, when massive distributed denial of service (DDoS) attacks shut down targets in the U.S. and South Korea. The attackers also used “wiper” malware to delete data on disks.

North Korea has continued to launch DDoS and disk-wiping attacks over the years, targeting banks as well as other military and civilian systems in the U.S. and South Korea. A cyberattack in April 2011 against South Korea’s agricultural banking cooperative Nonghyup was said to shut down the bank’s credit card and ATM services for more than a week.

In December 2014, the North’s attackers hit desktop computers in a South Korean nuclear plant with wiper malware that destroyed not only the data on hard drives, but also the master boot record startup software, making recovery more difficult. In addition, the attack stole and leaked blueprints and employee information from the plant.

North Korea has also been accused of trying to hack electric power companies in the U.S. and a railroad system in Canada.

The attack on the nuclear facility took place about a month after North Korea attacked Sony Pictures with wiper malware that zapped over 4,000 of the company’s desktop computers and servers. The attackers also stole and posted pre-release movies and sensitive, often embarrassing, emails and other data taken from the company.

Calling themselves the “Guardians of Peace,” the attackers demanded that Sony withhold release of the satirical film “The Interview,” which depicts an assassination attempt against North Korea’s leader, Kim Jong-un. The attackers also threatened violence against any movie theaters showing the film.

Although theaters initially canceled their scheduled showings, ultimately the film was released both online and in theaters. North Korea’s coercive attempts failed, as they have in other cases.

In recent years, North Korea started using cyber operations to generate revenue for the government. This is done through several illicit means, including outright theft of funds, extortion and cryptocurrency mining.

In early 2016, the regime came close to stealing US$951 million from the Bangladesh Central Bank over the global SWIFT financial network. Fortunately, because of a misspelling, they only succeeded in moving $81 million. Analysts attributed the attack to the “Lazarus Group,” the same group believed to be behind many of the attacks tied to North Korea, including those against Sony and other banks.

The Lazarus Group has also been blamed for the WannaCry ransomware that spread to computers in 150 countries in 2017. After encrypting data on a victim’s computer, the malware demanded payment in the bitcoin digital currency to get access back.

North Korea has been mining cryptocurrencies on hacked computers as well. The hijacked machines run software that “earns” the digital currency by performing a computationally difficult task. The funds are then directed into an account tied to the hackers.

North Korean hackers also attack cryptocurrency exchanges. They have reportedly stolen millions of dollars worth of bitcoin from two exchanges in South Korea and attempted thefts from 10 others.

Like other countries, North Korea uses cyber espionage and cyber sabotage to acquire secrets and harm adversaries. But it stands out from other countries in its use of cybercrime to finance its programs. This is perhaps not surprising given North Korea’s history of counterfeiting U.S. currency and using other illicit activities to acquire funds.

The introduction of online transactions and digital currencies, coupled with inadequate cybersecurity, has opened the doors to North Korea for illicitly acquiring funds by new means. Given the country’s appetite for building nuclear and other weapons, as well as the effects of economic sanctions, it seems likely that North Korea will continue to seek ways of exploiting the cyber world for economic advantage.

This article was originally published on The Conversation. Read the original article here: http://theconversation.com/north-koreas-growing-criminal-cyberthreat-89423.

Related:

Intelligence: Pyongyang Trying to Steal Cryptos before Pyeongchang Olympics

Intelligence: Pyongyang Trying to Steal Cryptos before Pyeongchang OlympicsIntelligence: Pyongyang Trying to Steal Cryptos before Pyeongchang Olympics
Security
8 hours ago |

|

6907

|

Despite some cracks on the icy surface of inter-Korean relations, caused by the Olympic spirit, tensions on the silent crypto front in Korea remain high. South Korean intelligence has informed lawmakers in Seoul that the North keeps trying to hack cryptocurrency exchanges south of the DMZ. Cryptos worth billions of won have been stolen by DPRK hackers last year, the secret service says.

Also read: Hong Kong Hacker Arrested in Blackmail for Bitcoin Case

All is Not Quiet on The Crypto Front

North Korea is continuously trying to hack South Korean cryptocurrency exchanges, the National Intelligence Service told deputies on Monday. The spy agency is doing its best to prevent further hacking, after DPRK hackers allegedly stole digital coins worth billions of Korean won last year.

“North Korea sent emails that could hack into cryptocurrency exchanges and their customers’ private information. It stole cryptocurrency worth billions of won”, said Kim Byung-kee, member of South Korea’s parliamentary Intelligence Committee, quoted by Reuters. The deputy did not reveal details about the targeted platforms.

In December, the South Korean intelligence agency announced it had evidence of North Korean involvement in the attack on Bithumb. Personal data of more than 30,000 users of the crypto exchange had been stolen in the hack. Korean authorities fined its operator for leaking private information, as news.Bitcoin.comreported. Bithumb is said to be the world’s largest cryptocurrency exchange by trading volume.

Intelligence: Pyongyang Trying to Steal Cryptos before Pyeongchang Olympics

Intelligence: Pyongyang Trying to Steal Cryptos before Pyeongchang Olympics

Hackers from the notorious Lazarus Group were implicated in the 2017 attacks on South Korean cryptocurrency exchanges, Korean media reported in mid-January. They are believed to be linked to the DPRK regime. The internet company Recorded Future claimed in a report that North Korean government actors (including Lazarus Group) continued to target South Korean exchanges and their users in late 2017. The attacks went on until Kim Jong Un’s New Year’s “peaceful resolution” speech, after which the dialogue with the South was reestablished, Sputnik reports. Beside exchanges and crypto users, the hackers also targeted South Korean students with interests in foreign relations.

Hacking May Overshadow “United Korea” Olympiad

With rare exceptions, relations between North and South have been tense for the most part of the decade-long conflict on the divided Korean Peninsula. The two Korean states are technically at war, as only an armistice, not a peace treaty, has been signed to maintain the peace. The 1953 ceasefire agreement silenced guns but did not end hostilities on the silent front. Nuclear tests, rocket launches, kidnappings and occasional artillery shelling have reminded everybody that the war is not over. In the digital age, the isolated communist North has allegedly employed cyber warfare tactics and techniques that have reached the world of cryptos like bitcoin, where South Korea is a major player.

Intelligence: Pyongyang Trying to Steal Cryptos before Pyeongchang Olympics

Intelligence: Pyongyang Trying to Steal Cryptos before Pyeongchang Olympics

Periods of less tension have created conditions for some positive developments – families have been united, joint projects like the Kaesong Industrial Zone have been realized. The Winter Olympic Games, to be held this February in Pyeongchang (South Korea), opened another window of opportunity. The two Korean states agreed to march together during the opening ceremony under the Korean Unification Flag. A Unified Korea women’s ice hockey team will compete in the games.

The new information about ongoing hacking attacks on South Korean crypto exchanges, reportedly sponsored by the North, comes days before the official start of Pyeongchang 2018 (9 – 25 February). It coincides with reports that North Korea’s de jure head of state Intelligence: Pyongyang Trying to Steal Cryptos before Pyeongchang Olympics

Intelligence: Pyongyang Trying to Steal Cryptos before Pyeongchang Olympicswill arrive in Pyeongchang this week. 90-year-old Kim Yong-nam, who will be the most senior North Korean official to ever visit South Korea, is the acting president of DPRK’s parliament.

An unnamed official from the South Korean presidential administration, quoted by BBC, said that Kim’s visit reflected the North’s willingness to improve inter-Korean relations, and demonstrated sincerity. Born in a family of North Korean refugees, South Korean President Moon Jae-in recently told CNN he wanted to be the leader “who built a peaceful relationship between North and South”.

Do you think reports of continuing North Korean attacks on South Korean crypto exchanges will cast shadow over “United Korea” Olympics? Tell us in the comments section below.


Images courtesy of Shutterstock.


Express yourself freely at Bitcoin.com’s user forums. We don’t censor on political grounds. Checkforum.Bitcoin.com.

Related:

  • No Related Posts

You realize, of course, this means War

Security researchers have long spoken about “the attribution problem” – that is, the difficulty of pinning a specific security event to a specific threat actor with a particular motivation and support group. But we forget the other part of the attribution problem – what happens when we actually ARE able to attribute a specific attack to a specific actor? Once we publicly attribute an act, we kinda sorta have to do something. And that’s an entirely different kind of problem altogether.

Recently, the Trump administration announced publicly that the WannaCry ransom attack was the work of the Lazarus Group working on behalf of the North Korean government – and that Pyongyang used tools stolen from the NSA to perpetuate the attack. The WannaCry attack which was launched last may was a cryptolocker attack which not only disrupted computers belonging to more than 200,000 companies around the world causing billions of dollars in losses but also lead to the payment of at least tens of millions of dollars in cryptocurrency as ransom to release the data in those computers. Thus, as a state-sponsored attack, it served several purposes. It announced the DPRK’s ability to either directly or indirectly infiltrate and obtain NSA secrets (or at least exploit these purloined secrets obtained by a group called Shadow Brokers which the government did not directly attribute to North Korea); it announced that disruption attacks will be used as weapons of war; and finally, it announced that nation-states will use cyber attacks as a means of financing themselves and their other activities. Thus, future nuclear preparations, chemical warfare, kinetic attacks or support for terrorist or other activities may be financed by ransomware attacks.

This follows on the heels of the 2014 SONY attack – also widely but not yet officially attributed to North Korea, in which confidential memoranda and communications of SONY corporate officials were publicly disseminated in reprisal for the film studio’s release of a movie perceived to be critical of the North Korean dear leader.

So, the question is – now that we have publicly attributed the WannaCry attack to the Kim regime, what do we do about it?

A Few Good Options

Trump administration Homeland Security Advisor Thomas P. Bossert described the administration’s proposed response to the nation-state threat of cyber attack in a letter to the Wall Street Journal noting that, “We call on the private sector to increase its accountability in the cyber realm by taking actions that deny North Korea and other bad actors the ability to launch reckless and destructive cyberattacks. We applaud Microsoft and others for acting on their own initiative last week, without any direction or participation by the U.S., to disrupt the activities of North Korean hackers.”

That’s a curious response by a government agency.

Imagine if attackers from Canada lobbed missiles at buildings in New York and the Department of Defense called on the private sector to increase its accountability to take actions to prevent the Canadians from having the ability to attack further. It’s also strange for the U.S. government to implore private companies to engage in what the law calls “self-help” in disrupting foreign state actors.

The options for private companies are also limited when it comes to responding to state-sponsored attacks. Of course, they can increase their defenses, responses, and resilience to such attacks – hardening the bunkers and increasing their monitoring. Some types of attack – like DDoS or similar disruptions can be minimized or diverted. Threat intelligence can be a useful tool for learning about adversary intentions and abilities. But regarding actual response, private sector actors – either working alone or in concert – have limited legal options. They can share information; they can block malicious traffic, they can even create an electronic “blockade” or “quarantine” of known bad domains or IP addresses. But they can’t send in troops, they can’t impose economic sanctions (well, maybe they can), and they can’t disrupt infrastructure – well, they can’t do that legally.

The U.S. government has attributed other cyber attacks to North Korea as well. In addition to WannaCry and SONY, the government and security researchers have attributed attacks to the BitCoin and other cryptocurrency networks to the DPRK and other state actors – again as a means of financing other activities, as part of what Reuters attributed to a U.S. government source as “a continued pattern of North Korea misbehaving, whether destructive cyber-attacks, hacking for financial gain, or targeting infrastructure around the globe.”

In the case of Chinese hacking, the U.S. has taken a different tack. In several cases, the U.S. has used the criminal justice system to indict alleged Chinese state actors for hacking activities which impacted U.S. computers or companies. In November 2017 the U.S. indicted three employees of Chinese security company Guangzhou Bo Yu Information Technology Company Limited (“Boyusec”) for economic espionage. This is on the heels of a May 2014 indictment of five Chinese military hackers for computer hacking, economic espionage and other offenses directed at six American victims in the U.S. nuclear power, metals and solar products industries. Of course, without obtaining the actual bodies of those responsible, the indictments themselves result in a pyrrhic victory – a government to government shot across the bow.

A Matter of Proportion

Under the Law of Armed Conflict (LOAC), the 1949 Geneva Conventions, and implementing regulations under DoDD 5100.77 (among others), combatants should adhere to certain principles when it comes to war. These include military necessity (acts necessary to accomplish a legitimate military objective); distinction (discriminating between lawful combatant targets and noncombatants); and proportionality (using only as much force as necessary to accomplish objectives). But what is the “appropriate” or “proportionate” response to a WannaCry attack on hospitals in Great Britain? What are the appropriate targets? How can or should they be attacked? Should the U.S. Air Force bomb the North Korean cyber infrastructure? Should we launch our own DDoS attack on the Lazarus Group? Grenades lobbed at hackers?

The problem with matching cyber attacks with cyber attacks relate not only to attribution and blowback but also to target selection and collateral damage. If a state sponsor disrupts civilian infrastructure, should another state then disrupt that country’s infrastructure – including hospitals, universities, transportation, etc. ? Not a lot of good options.

To paraphrase Winston Churchill, “We shall go on to the end. We shall fight in Cyberspace; we shall fight on the routers and firewalls, we shall fight with growing confidence and growing strength in the WiFi, we shall defend our domain, whatever the cost may be. We shall fight on the DMZ’s; we shall fight on the proxies, we shall fight in the servers and in the desktops, we shall fight in the network; we shall never surrender.” Bits, sweat, and tears.

The lack of good options here almost makes you wanna cry.

Related

Related:

Expert: Malaysia ill-prepared for cyber attacks

CF Fong says the authorities must take cyber security and cyber warfare seriously.

CF-Fong

CF-FongGEORGE TOWN: A cyber security expert today urged the authorities to take cyber security and cyber warfare more seriously.

CF Fong, who is the founder of security services firm LGMS, said the country was currently ill-prepared to face such attacks.

He cited the example of the WannaCry ransomware attack which happened in May and questioned how many of those affected locally had actually reported it.

“Even when they were attacked and got affected, a majority of them remained silent. Furthermore, there is no intelligence sharing.

“Without all these, the authorities will not be able to assess our situation and issue corresponding alerts,” he told FMT.

The WannaCry ransomware caused worldwide chaos for individuals, businesses and public bodies. The virus encrypts data on infected computers then asks users to pay a “ransom” in order to receive a code that unencrypts the data.

Fong also noted that when the attack happened, only two official incidents were reported to the authorities but his firm had been working on at least 16 WannaCry recovery cases.

In light of this, he said the authorities needed to enhance cyber laws to mandate the disclosure of hacking incidents, such as data leaks, corporate espionage and fraud.

He said that currently, when organisations or companies were hit by hackers, they were not obligated to disclose the incident, even if the incident dealt with public interests.

“Mandating the disclosure of such incidents will also enhance threat intelligence sharing.

“For instance, if an organisation was hit by virus XYZ, which then leads to loss of data, they may or may not share the information with other organisations.

“The intel may just stop there,” he said.

Fong said there was also a lack of official statistics on cyber attacks in the country.

“We do not have official statistics of how many sites actually got hit, how many servers, what techniques hackers were using, among others.

“All these are important indicators for others in preventing similar attacks,” he added.

North Korea denies US WannaCry cyberattack accusation

North Korea on Thursday denied US accusations it was behind the WannaCry global ransomware cyberattack earlier this year and vowed to retaliate.

North Korea described the accusation as a “grave political provocation” and said Washington had “ulterior motives.”

A spokesperson from North Korea’s Foreign Ministry said the allegations were “absurd,” according to North Korean state news agency KCNA.

Read more:US and UK blame North Korea for WannaCry cyberattack

“This move is a grave political provocation by the US aimed at inducing the international society into a confrontation against the DPRK by tarnishing the image of the dignified country and demonizing it,” the spokesperson said.

WannaCry infected some 300,000 computers in 150 countries in May, encrypting user files and demanding hundreds of dollars from their owners in exchange for the keys to get their files back.

Watch video01:15

Share

Ransomware cyberattack threatens organizations worldwide

SendFacebookTwitterGoogle+WhatsappTumblrlinkedinstumbleDiggredditNewsvine

Permalink http://p.dw.com/p/2d02e

Ransomware cyberattack threatens organizations worldwide

US homeland security adviser Tom Bossert wrote a Wall Street Journal op-ed published on 18 December that claimed North Korea was directly responsible for the cyberattack.

At a press conference on Tuesday Bossert said, “After careful investigation, the United States is publicly attributing the massive WannaCry cyberattack to North Korea. We do not make this allegation lightly. We do so with evidence, and we do so with partners.”

Read more:North Korea link to WannaCry ransomware ‘highly likely’

“The United Kingdom, Australia, Canada, New Zealand, and Japan have seen our analysis, and they join us in denouncing North Korea for WannaCry,” Bossert said.

Bossert also said Microsoft had traced the attack to cyber affiliates of the North Korean government, and others in the security community have contributed their analysis.

Watch video01:57

Share

Cyber attacks through the years

SendFacebookTwitterGoogle+WhatsappTumblrlinkedinstumbleDiggredditNewsvine

Permalink http://p.dw.com/p/2d1j6

Cyber attacks through the years

On Tuesday the UK came out in support of the US accusations. Foreign Office Minister Lord Ahmad said in a statement that, “The UK’s National Cyber Security Centre assesses it is highly likely that North Korean actors known as the Lazarus Group were behind the WannaCry ransomware campaign – one of the most significant to hit the UK in terms of scale and disruption.”

“We condemn these actions and commit ourselves to working with all responsible states to combat destructive criminal use of cyberspace. The indiscriminate use of the WannaCry ransomware demonstrates North Korean actors using their cyber programme to circumvent sanctions,” Ahmad said.

Read more: New EU cyber strategy aims to cut crime and raise resilience

The cyberattack crippled hospitals, banks and other companies worldwide, including parts of the UK’s National Health Service. Some companies reported massive losses, including FedEx which said they had incurred losses in the hundreds of millions of dollars.

The attack exploited a Windows vulnerability that was originally developed by the US National Security Agency, but was released in a stolen cache of NSA cyberweapons by a hacking group known as the Shadow Brokers.

law/jil (AFP, AP)

Related:

North Korea To Blame For ‘WannaCry’ Cyber Attacks: Microsoft And Facebook Helped Combat …

White House homeland security adviser Tom Bossert claims North Korea is responsible for the “WannaCry” cyber attack. A hacker group associated with the North Korean government is to blame for the attack, Mr. Bossert says.

The homeland security adviser published an op-ed in the Wall Street Journal, officially blaming the Asian country for the attack. On December 19, Tom Bossert and Assistant Secretary at Homeland Security’s Office of Cybersecurity and Communications Jeanette Manfra, held a briefing, further confirming these claims.

Apart from blaming Pyongyang for the attacks, Bossert asserted that Facebook and Microsoft disabled North Korean cyber actions. The homeland security adviser did not go into detail, but he called on other companies to cooperate in cyber security defense, Reuters reports.

It is no secret that governments are shifting focus to cyber warfare, even NATO, the world’s largest intergovernmental military alliance, is officially developing cyber warfare strategies.

North Korea is not the only country Tom Bossert has accused of trying to destabilize the United States through cyber attacks. Russia, China, and Iran have also made the list. Furthermore, Bossert openly praised Donald Trump’s efforts, claiming that the president had taken steps in the right direction, by ordering the modernization of government information technology. This maneuver is meant to enhance security and minimize vulnerabilities of US computer systems.

https://t.co/h2SZG3mQy0

— Damir Mujezinovic (@damir_92sa) December 19, 2017

Tom Bossert served as Deputy Homeland Security Advisor to President George W. Bush and co-authored the National Strategy for Homeland Security in 2007. In July 2017, a British hacker obtained Bossert’s private email address, after fooling Mr. Bossert into thinking that he was Jared Kushner, President Trump’s senior adviser and son-in-law.

What is “WannaCry”?

An elaborate, worldwide cyber attack, “WannaCry” is a ransomware cryptoworm. It targeted Windows OS-powered devices, encrypting data in the process, with the goal of extorting ransom payments. The initial outbreak lasted for 3 days, starting on May 12, 2017. The attack has netted North Korean hackers millions of dollars in cryptocurrencies such as bitcoin, researchers say. Corporations, banks and hospitals all over the world were affected.

The attack was carried out by Lazarus Group, a hacking entity which works for or with the North Korean government, U.S. intelligence agencies claim. The same hacker group is believed to have been responsible for the hack of Sony Pictures Entertainment in 2014.

Related:

  • No Related Posts