Phishing alert: N Korea’s hacking attacks show your email is still the weakest link

10-Sep-2018 Intellasia | Zdnet | 6:00 AM

The North Korean group accused of some of the biggest cyber crimes ever conducted may have harnessed some highly sophisticated technologies, but their ability to break into computer networks worldwide often relied on nothing more than a bogus email.

The US Department of Justice has formally charged a North Korean programmer for his part in some of the largest cyber-attacks in recent years, conducted by a group backed by the North Korean government.

The 172-page criminal complaint published by the US Department of Justice provides an unprecedented insight into the workings of one of the most notorious hacking groups on the planet, but also shows how their most successful attacks were at least in part down to a blizzard of fake phishing emails.

The group’s activities allegedly include the devastating attack on Sony Pictures Entertainment in November 2014. The group launched their attack on the company in response to the movie The Interview, a comedy that depicted the assassination of North Korea’s leader. The hackers gained access to the company’s network, stole confidential data, threatened executives and employees, and rendered thousands of computers inoperable.

The group was also responsible, according to the criminal complaint, for the 2016 theft of $81 million from Bangladesh Bank (the largest successful cyber theft from a financial institution to date) and creation of the malware used in the 2017 WannaCry global ransomware attack.

On top of the money stolen, the damage caused by the hacking attacks and malware may have cost billions of dollars, according to US officials. The FBI said the group has targeted, and continues to target, other victims and sectors, including defense contractors, university faculty, technology companies, virtual currency exchanges, and US electric utilities.

The FBI said the group did significant research before launching their attacks, with online reconnaissance including research relating to the victim company, as well as to individual employees of the victim company.

The results of that reconnaissance were then used by the hackers to prepare spear-phishing messages to send by email or social media to persons affiliated with those entities. “In general, the hackers intend their victims to open the spear-phishing messages while using their employers’ computer systems, thus breaching the employers’ network security,” said the complaint.

Some of these phishing emails pretended to be emails from Facebook or Google. In other cases the hackers created email accounts in the names of recruiters or high-profile execs at one company (like a US defense contractor), and then used the accounts to send bogus recruitment messages to employees of competitor companies. Other phishing attempts simply posed as apparently speculative job applications.

