Cryptocurrency Used to Fund North Korean Weapons Program, Says US Treasury

The US Treasury Department has just announced new sanctions against online criminal groups based in North Korea. The groups have reportedly conducted cryptocurrency ransomware attacks and other cyber crimes aimed at subverting international sanctions against the state.

The US Treasury believes these attacks are directly funding the North Korean missile programme. This presents those companies affected by ransomware with a tough choice – lose access to crucial data for good or fund a potentially dangerous nation’s military preparations.

North Korean Hackers Use Cryptocurrency to Fund Government Missile Programme

According to a press release published earlier today by the US Department of the Treasury, there are to be new sanctions against North Korean hacker groups believed to be funding the nation’s missile programme using various criminal means. This has included hacking of cryptocurrency exchanges and ransomware attacks.

The release names three such groups explicitly: “Lazarus Group,” “Bluenoroff,” and “Andariel”. It goes on to state that the agency believes these groups to be directly linked to the North Korean government.

From today, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has officially banned dealings of US citizens or financial institutions with the groups mentioned.

Sigal Mandelker, Treasury Under Secretary for Terrorism and Financial Intelligence, stated the following of the sanctions:

“Treasury is taking action against North Korean hacking groups that have been perpetrating cyber attacks to support illicit weapon and missile programs… We will continue to enforce existing U.S. and UN sanctions against North Korea and work with the international community to improve cybersecurity of financial networks.”

Of the groups mentioned, the Lazarus Group are perhaps most well known. Lazarus is thought to have gone after high profile institutional targets. These include government, military, and financial institutions, as well as other large companies involved with shipping, critical infrastructure, and publishing.

Lazarus is believed to have been created by the North Korean government in 2007. It was involved in the massive ransomware attack known as WannaCry 2.0. The hugely destructive attack saw hundreds of thousands of computer systems frozen in exchange for cryptocurrency ransom payments.

The other two groups are believed to be offshoots of the Lazarus Group. The release states that Bluenoroff specialises in backdoor intrusions and phishing attacks. It was first noticed in 2014. It has since attempted to steal more than $1.1 billion from various financial institutions, including cryptocurrency exchanges.

According to the release, the second splinter group, Andariel, focuses more on malicious cyber activity against other businesses and government agencies. The group has been linked with hacking poker and gambling sites, as well as ATMs to help North Korea subvert sanctions against it. It is also known to target South Korean government and military personnel to gather intelligence.

Kaspersky reveals diagnosis of cyberthreats plaguing the healthcare sector

Kaspersky’s fifth cybersecurity weekend puts spotlight on still unseen attacks against medical and pharmaceutical organisations in APAC.

Content supplied by Kaspersky.

Kaspersky tags escalating number of cyberthreats as the modern plague haunting the healthcare sector, at the recent 5th CyberSecurity Weekend in Yangon, Myanmar.

With the theme “Cybersecurity: Healing the Healthcare Sector”, the conference is set to examine the past, the present, and the future state of the medical industry’s threat landscape. The annual event will be attended by Kaspersky’s elite researchers, key executives, as well as journalists from 12 Asia Pacific (APAC) countries.

“Data is sick. Confidential medical records being breached, advanced devices turning a human into a bionic man, these ideas have since crossed the bridge between fictional stories and our physical world. They are well within our reality, in Asia Pacific and globally. As rapid digitalisation penetrates the healthcare sector, cybercriminals are seeing more opportunities to attack this lucrative and critical industry, which is honestly not equipped enough to face this virtual danger,” says Stephan Neumeier, Managing Director for Asia Pacific at Kaspersky.

Attacks against hospitals and pharmaceuticals have been happening worldwide, especially in the more advanced countries in the west. The recent years, however, have seen the threat creeping towards APAC. Reports have even projected that the medical industry in the region can incur economic losses of up to USD 23.3 million from cybersecurity incidents.

The Australian Information Commissioner (OAIC) revealed last year that out of the 262 data breaches reported under the Australian Notifiable Data Breach (NDB) scheme, 54 came from the private health sector followed by finance (40); legal, accounting and management services (23); private education providers (21) and mining and manufacturing (12).

Singapore, highly connected and considered the technology and business hub of Asia, has suffered four data breaches concerning healthcare organisations in just 12 months. One incident even involved health records of the country’s prime minister. The infamous WannaCry ransomware has also crippled several medical establishments in the region, particularly in China, Hong Kong, and Vietnam.

Seongsu Park, Senior Security Researcher from GReAT Korea, gave further insight into healthcare-related data from the dark web. An example given in his presentation is an Australian-based dark web seller called Ausprdie. This platform is known to sell digital products in exchange for individuals’ medical data, which includes phone numbers.

Ausprdie medical heist from the dark web.

He also noted that medical records can be considered more valuable than a simple credit card. This is because a hospital generally requires a patient’s personal and financial credentials before a check-up or an admission.

“Based on the indications and patterns we have seen and are still seeing on the dark web, the main purpose of the individuals behind these hacking groups is to sell the medical information to another crime group or to any individual who aims to access confidential medical data. It is quite alarming that we are increasingly coming across such active advertisements, which can either mean this illegal practice has turned into a normal type of business or the demand for such attacks are becoming increasingly high,” adds Park.

Leading the team of researchers is Vitaly Kamluk, Head of GReAT APAC at Kaspersky, who zeroed in on the readiness of the industry in tackling cyberthreats and its cybersecurity.

“Nuclear fallouts like the one happened after Chernobyl disaster and cyberthreats have something in common. A naked eye cannot see how the radiation from the decades-long incident have been affecting human health until present times. Likewise, the healthcare sector has yet to clearly diagnose the plague that has been causing damage to the industry and potentially affecting human health,” explains Kamluk. “Helen Keller once said that the only thing worse than being blind is having sight but no vision. While being deaf-blind person, she worked very hard and reached unbelievable heights. In cyberspace most of us are deaf-blind, because of invisible nature of the threats. But the question is are we working hard enough to be able to envision how those threats can affect our health and our lives?”

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at

New Bedford ransomware attack could happen in Boston

The threat of a cyberattack like the one that recently hit the city of New Bedford is ever-present and the risk is heightened in large cities like Boston, cybersecurity experts say.

“Nobody is immune” from a cyberattack, said Samuel Curry, chief security officer of Cybereason, a Boston cybersecurity company.

“The important thing here is that you have to protect the constituents of your city, you have to protect the public good,” said Curry, who added that in the worst of attacks, an entire city could be affected with important public services like EMS or police out of commission.

“An entire town could go down for days or weeks,” said Curry.

Curry said protecting a city against a cyberattack comes down to planning and practice. Having proper controls in place, limiting the impact of the damage and backing up computers frequently are keys to making sure an attack isn’t detrimental.

“You should have a playbook that you open up and you’ve done the thinking when you’re not under pressure,” said Curry.

The average estimated business cost as a result of a ransomware attack — including ransom, work loss and time spent responding — is more than $900,000, according to SentinelOne, an endpoint security software company.

Chris Bates, vice president of security strategy at SentinelOne, said one thing that contributes to holes in cybersecurity in big cities is the frequent turnover of elected officials, leaving a “disjointed execution of a cybersecurity plan.”

“Most municipalities have not planned what to do with a true cyberattack and don’t understand the true ripple effect of a cyberattack,” said Bates.

Bates said something as simple as opening the wrong email or navigating to an unprotected website can kick off the chain of events that leads to an attack.

Tracking down a hacker could prove nearly impossible in some cases considering the crime could be conducted from another country, and hackers know how to erase their steps.

Curry said the solution rate for cyberattacks is very low. “If they get caught, it’s usually because they made a mistake.

“It’s not showing any sign of going away and ransomware is just hitting more people and making more money all the time,” said Curry.

Deciding whether to pay the ransom in an attack can be a tricky step. In New Bedford, hackers asked for a $5.3 million bitcoin ransom, which town officials did not pay.

Bates said paying a ransom is expensive but it could get the city’s system back in a timely manner. However, there is often no guarantee the hacker will completely comply if paid.

“Even if you are going to pay out, it is always better to get a ransomware negotiator,” said Bates.

The city of Boston protects information assets from unauthorized disclosure, theft, loss and destruction, and ensures they are available when needed, especially during emergencies, according to the city.

Greg McCarthy, chief information security officer for Boston’s cybersecurity team, said in a statement, “Creating a secure, convenient and reliable cyber system is a top priority in the City of Boston. The City of Boston’s Cybersecurity Team works every day to maintain and increase our city’s protections against cyber risk, and ensure all residents have access to reliable information and resources.”

Kaspersky: PH top APAC country with most number of attacks on medical devices

Yangon, Myanmar — Legacy and open source systems, outdated software, and vague or absent security postures are just a few of the reasons the Philippines — as well as other countries — is the top Asia Pacific country that recorded the most attacks against medical devices in the healthcare industry. It placed second globally after Venezuela.

These are the findings of the cybersecurity firm Kaspersky presented at its annual Cybersecurity Weekend 2019, which also shed light on the reasons cybercriminals are showing great interest in the medical sector.

Based on its collected data, Kaspersky found that 7 in 10 medical machines in Venezuela (77%), the Philippines (76%), Libya (75%), and Argentina (73%) have become entry points for hackers to infiltrate hospital and pharmaceutical networks.

Two more countries in APAC were in the Top 15 nations with the most number of detected infections and these are Bangladesh (58%) and Thailand (44%).

Yury Namestnikov, Director of Global Research and Analysis Team, Russia, Kaspersky Lab, highlighted how clicking on a malicious link in a phishing email can lead to a cyber attack.

He also explained how outdated software or discontinued support services for Microsoft Office and the like could expand a network’s vulnerability. Office tops the list of exploit targets against medical organizations, which also includes web, USB, and (outdated) Android devices.

“Please patch (your) Office (systems),” advised Namestnikov. “All hacks lead to that.”

Network servers are not the only attack surface for hackers. The majority of the attacks are coursed through end-users’ computers, mobiles and tablets, IoT gadgets, as well as hospital machines that are connected to the internet inside a healthcare facility.

While hospitals and medical institutions have learned their lessons after the WannaCry ransomware attack in 2017, cybercriminals have shifted their targets to pharmaceutical companies.

“As of 2019, pharmaceutical companies have fallen victims with 49% of attacks on devices compared to 44% in 2017 and 45% in 2018,” Namestnikov said.

Pakistan is No. 1 on the list with 54% recorded attacks on its pharmaceutical companies. In APAC, Indonesia tops the list (46%) and placed fourth globally. APAC dominated the list with India (45%), Bangladesh (42%), and Hong Kong (39%) rounding up the countries in the region. Brazil, Egypt, Mexico, Peru, and Spain complete the top 10 list.

In 2019, APT (advanced persistent threat) groups such as Cloud Atlas and APT10 (MenuPass and a Chinese-speaking APT) have set their sights on medical universities, research, and clinics as potential targets.

Namestnikov said medical institutions need to rethink their cyber hygiene and start security awareness from the ground up.

“Organizations should at least do a minimum of cybersecurity,” Namestnikov said.

Ransomware modifications double year-on-year in Q2 2019 – Kaspersky

Kaspersky researchers detected 16,017 new ransomware modifications in Q2 2019 – including ones belonging to eight new malware families.

This is more than double the number of new samples detected a year ago, in Q2 2018 (7,620).

The Kaspersky IT Threat Evolution Q2 2019 report also highlights that more than 230,000 users were attacked during the quarter, along with other key findings.

A Trojan-Ransom can be equally successful in both private and corporate attacks, as its functionality is simple yet highly effective.

These Trojans encrypt files on a user’s computer and demand a ransom for the files to be released. The increase in malicious modifications and the appearance of new families is a dangerous sign that criminal activity is intensifying, with new malware versions emerging.

The second quarter of the year experienced a high number of infection attempts.

According to Kaspersky data, 232,292 unique users were targeted by such attacks – 46% more than a year ago, in Q2 2018 (158,921).

The countries with the largest share of attacked users were Bangladesh (9%), Uzbekistan (6%) and Mozambique (4%).

The ransomware family that attacked users most often in Q2 2019 (23.4% cases) was still WannaCry. Even though Microsoft released a patch for its operating system to close the vulnerability exploited by the ransomware two months prior to the start of the widespread and destructive attacks two years ago, it still remains in the wild.

Another major actor was GandCrab with a 13.8% share, despite its creators announcing that GandCrab wasn’t going to be distributed from the second half of the quarter.

Kaspersky security researcher Fedor Sinitsyn says, “In this quarter we observed an increase in the number of new ransomware modifications, even though the GandCrab family closed down in early June. The GandCrab ransomware family has long been one of the most popular cryptors amongst cybercriminals.

“For more than 18 months it has stayed in the list of the most rampant ransomware families we detect, but even its decline did not lower the statistics, as there are still other numerous widespread Trojans.”

Sinitsyn adds, “The GandCrab case is a good illustration of how effective ransomware can be, with its creators stopping their malicious activity after claiming they made a tremendous amount of money by extorting funds from their victims.

“We expect new actors to replace GandCrab and urge everyone to protect their devices by installing software updates regularly and choosing a reliable security solution.”

To reduce the risk of infection, Kaspersky advises private users to:

  • Always update your operating system to eliminate recent vulnerabilities and use a robust security solution with updated databases
  • Not pay the ransom if you find your files have been encrypted with cryptomalware. This will only encourage cybercriminals to continue and infect more people’s devices. It is better to find a decryptor on the internet – some are available for free.
  • Always have fresh backup copies of your files, so you can replace them in case they are lost (e.g. due to malware or a broken device) and store them not only on the device but also in cloud storage for greater reliability.

Other report findings include:

  • Kaspersky detected and repelled 717,057,912 malicious attacks from online resources located in around 200 countries and territories around the world (26% decrease compared to Q2 2018)
  • Attempted malware infections that aim to steal money via online access to bank accounts were registered on 228,206 user computers (six percent growth compared to Q2 2018)
  • Kaspersky’s file antivirus detected a total of 240,754,063 unique malicious and potentially unwanted objects (25% growth compared to Q2 2018)

Kaspersky mobile security products also detected 753,550 malicious installation packages (57% decrease compared to Q2 2018)
