Security researchers have blamed an elite group of hackers from North Korea for the recent waves of bank attacks around the globe. The experts asserted on Wednesday that this group has stolen millions of dollars from different banks.
APT38 of North Korea Linked to Attack
FireEye, a cybersecurity firm, released a report yesterday in which it pointed to North Korea’s APT38 as the group behind the hacking operations many banks are now facing.
The security research outfit says that APT38 is just one arm of a larger group of North Korean hackers named “Lazarus.” It noted, however, that this arm is so skilled and well-equipped that it has succeeded in carrying out possibly the most destructive cyber attack worldwide.
Sandra Joyce, the Vice President of FireEye’s intelligence unit, specifically named the cyberespionage campaign as the key skill behind the group’s success.
Joyce noted that one distinct working principle of APT38 is patience. By this, she meant that the group does not rush its operations. Before they launch their attacks, they can take up to a year studying their target. Given their high level of precision, Joyce said they have defrauded banks of nothing less than $1 billion.
Explaining further, Joyce said the hackers employ destructive malware to cover their tracks once they succeed in their mission. This further leaves the victims unsure of what step to take next.
Time Now to Act
In explaining why it decided to reveal this threat, FireEye said it was prompted by the need for immediate action. According to the firm, this criminal group is still at work, unchecked.
APT38 is said to have hacked over sixteen organizations in not less than 11 countries beginning in 2014, according to the report made available by FireEye.
Among the organizations that have reportedly fallen victim to APT38 hacking operations are Bangladesh Bank (2016), Vietnam TP Bank (2015), Far Eastern International Bank of Taiwan (2017), Bancomext of Mexico (2018), Banco de Chile (2018), and others.
Joyce hinted that APT38 probably has human resources equalling those of a country but did not give an exact figure.
Much of the information released by FireEye on APT38 is also contained in a criminal complaint that was unsealed in the US last month. The complaint was against a certain Park Jin Hyok, linked to the Sony Pictures attack and the outbreak of the WannaCry ransomware.
Nevertheless, the role of Park at APT38 is quite limited, as Joyce said the united mission of the group is money theft to finance the regime in North Korea. FireEye’s report is partly based on the forensic investigation it helped the FBI conduct on Park.