A North Korean hacking group focused on financial gain for the rogue state has penetrated banks around the world with a series of ongoing attacks, and has tried to steal at least US$1.1 billion (NZ$1.7 billion) over the last four years, according to a new tally by cybersecurity firm FireEye Inc.
The group, which FireEye identified as APT38, has infiltrated more than 16 organizations in 11 countries including the US, and stolen more than $100 million. The hackers have gotten past heavily defended servers at banks and spent time scouring the networks. Security officials should be alarmed, FireEye said last week in a report.
"What sets the North Koreans apart is they wait an average of 155 days before they steal the money," Charles Carmakal, vice president of consulting at FireEye, said in an interview. "They understand banking networks pretty well. And they probably have geopolitical considerations behind the timing, location of their attacks."
The most prominent attack by APT38 was the theft of funds from the Bangladeshi central bank's accounts at the U.S. Federal Reserve in 2016. In that case, the hackers got the Fed to transfer some US$100 million by sending fake wiring orders. About US$40 million was recovered when the hack was discovered and transfers were reversed before they could be withdrawn.
In January, Mexico's state-owned trade bank thwarted the attempted theft of US$110 million using similar methods. In May, a Chilean bank lost US$10 million. All were carried out by APT38, FireEye said in its report.
North Korean diplomats and official media have denied that the country plays any role in cyberattacks.
In its recent attacks, the group "burns the house down," wiping out computer hard drives to erase its tracks, Carmakal said. Even as other attacks continue, APT38 hasn't targeted American banks amid North Korea's peace talks with the U.S., he said.
Banks and other financial institutions are targeted by the most sophisticated cyber criminals, who are attracted to the lure of big-money paydays, FireEye and other groups have said. That has prompted banks to outspend other industries to protect themselves, with the biggest U.S. firms' annual cybersecurity budgets reaching $1 billion.
Financial firms face the highest number of attempted breaches from computer addresses that have been already blocked because of prior misbehaviour, according to a report set for release Tuesday by cybersecurity firm eSentire. That points to targeted campaigns and persistent efforts by sophisticated attackers, according to Eldon Sprickerhoff, founder and chief innovation officer of eSentire.