Security News

Three suspected North Korean military intelligence hackers have been charged with, among other things, conspiring to loot more than $1.3bn from banks, ATMs, and cryptocurrency companies, according to an indictment unsealed by the US Department of Justice on Wednesday. Court documents, filed in the District Court in Los Angeles in December last year and now made public [PDF], claim Park Jin Hyok, 36, Jon Chang Hyok, 31, and Kim Il, 27, were hackers employed by the Reconnaissance General Bureau, a North Korean intelligence agency.

The U.S. Justice Department today unsealed indictments against three men accused of working with the North Korean regime to carry out some of the most damaging cybercrime attacks over the past decade, including the 2014 hack of Sony Pictures, the global WannaCry ransomware contagion of 2017, and the theft of roughly $200 million and attempted theft of more than $1.2 billion from banks and other victims worldwide. Investigators with the DOJ, U.S. Secret Service and Department of Homeland Security told reporters on Wednesday the trio's activities involved extortion, phishing, direct attacks on financial institutions and ATM networks, as well as malicious applications that masqueraded as software tools to help people manage their cryptocurrency holdings.

Multiple spear-phishing campaigns targeting U.S. aerospace companies, defense contractors, energy companies, technology companies, the U.S. Department of Defense and the U.S. Department of State. Cryptocurrency Heists, 2017-2020: Targeting of hundreds of cryptocurrency companies, including stealing $75 million from a Slovenian cryptocurrency company in December 2017; $24.9 million from an Indonesian cryptocurrency company in September 2018; and $11.8 million from a financial services company in New York in August, in which the hackers used the malicious CryptoNeuro Trader application as a backdoor.

The U.S. Justice Department on Wednesday announced the indictment of three North Korean military intelligence officials linked to high-profile cyber-attacks that included the theft of $1.3 billion in money and crypto-currency from organizations around the world. The DOJ described the scope of the North Korean hacking operation as "Extensive and long-running".

The U.S. Department of Justice has charged three North Koreans for stealing $1.3 billion in money and cryptocurrency in attacks on banks, the entertainment industry, cryptocurrency companies, and more. The defendants are state-sponsored North Korean hackers and members of Reconnaissance General Bureau units, a North Korean military intelligence agency that has engaged in criminal hacking operations.

North Korean attacks on crypto exchanges reportedly netted an estimated $316m in cryptocurrency in 2019 and 2020, according to a report by Japan's Nikkei. The outlet says it saw that figure in a draft of a United Nations report destined for the desk of the Security Council's North Korea Sanctions Committee.

Google said the attackers were targeting security researchers by using fake LinkedIn and Twitter profiles and asking to collaborate. Google unveiled a new report from its Threat Analysis Group on Monday highlighting the work of a group of cyberattackers associated with the government of North Korea that sought to impersonate cybersecurity researchers in an effort to target those "Working on vulnerability research and development at different companies and organizations." Adam Weidemann, a member of the Threat Analysis Group, wrote that the attackers used a variety of fake blogs, Twitter accounts and LinkedIn profiles to make themselves look legitimate and communicate with researchers and analysts they were hoping to go after.

A zero-day hunter has told The Register of the "Holy f**k" moment when he realised he'd been targeted by a North Korean campaign aimed at stealing Western researchers' vulns. Enraged by the deception, Caceres also offered a hefty bounty for information leading to the arrest of "James Willy", who appears to be one of the North Korean actors engaged on the Pyongyang-driven campaign.

Over the past few months, hackers have been trying to surreptitiously backdoor the computer systems of a number of security researchers working on vulnerability research and development at different companies and organizations, the Google Threat Analysis Group has revealed on Monday. The hackers, who Google TAG believes are backed by the North Korean government, first created a blog, populated it with posts write-ups about vulnerabilities that have been publicly disclosed, then created Twitter, LinkedIn, Keybase, and Telegram accounts with fake personas and used them to try to contact the targeted security researchers directly.

A North Korean government-backed hacking group targets security researchers who focus on vulnerability and exploit development via social networks, disclosed Google tonight. According to a report released tonight by Google's Threat Analysis Group, a North Korean government-backed hacking group uses social networks to target security researchers and infect their computers with a custom backdoor malware.