North Korean Hackers More Interested in Cash (and Gambling Sites) Than State Secrets

Posted on: July 29, 2017, 10:00h. 

Last updated on: July 28, 2017, 03:16h.

Katie Barlowe Read More

North Korea’s notorious state-backed cyber-criminals are more interested in stealing cash than classified state secrets these days, and they will even hack into online gambling and poker websites to achieve their nefarious ends.

That’s the verdict from South Korea’s Financial Security Institute (FSI), which analyzed cyber-attacks between 2015 and 2017 and found that, far from focusing on acts of disruption or espionage, the secretive, cash-strapped Hermit Kingdom is just trying to made a fast buck.

FSI said it had created malware to hack into online poker and other gambling sites to steal money.

North Korea’s economy has been in tatters since the collapse of the Soviet Union resulted in the loss of Eastern bloc trading partners.

This, coupled with the ramping up international sanctions as it pursues its aggressive nuclear program, has left it with serious food shortages.

Link to Fed Back Heist

The country has been linked to numerous attacks in recent years, including the 2014 hack on Sony Entertainment, which deleted vast amounts of the company’s data and compromised personal and sensitive employee information.

But since then, attacks have been more mercenary in nature. The group behind the Sony hack, known as “Lazarus,” is also believed to have orchestrated the daring heist on the Federal Reserve Bank of New York, which attempted to empty an account owned by the government of Bangladesh.

On February 5, 2016, hackers flooded the Fed Bank with requests for transfers totaling almost $1 billion. Around $101 million was successfully withdrawn before suspicions were raised, much of which ended up in the laxly regulated Philippine casino sector and disappeared without trace.

Illegal Online Gambling Operator

FSI has identified two Lazarus offshoots, Bluenoroff, a group focused mainly on attacking foreign financial institutions; and Andariel, which concerns itself with attacking South Korean businesses and government agencies.

Cyber-security firms have also accused North Korea of being behind the “WannaCry” ransomware attack that infected more than 300,000 computers in 150 countries in May.

But it’s not just large-scale operations: as well as pilfering funds from online gambling sites, North Korea engages in hacking ATMs to steal banking information, as well as stealing, and mining, bitcoin and other digital currencies.

North Korea does not just hack online gambling sites, it has also been reported to operate them, mainly targeting South Koreans.

Last year, Cho Hyun-chun, the chief of South Korea’s Defense Security Command, said its northern neighbor’s online gambling operations and other illegal online businesses generated roughly $866 million per year.