North Korea’s new front: cyberheists
In the face of sanctions over its banned nuclear and ballistic missile programs, the cash-strapped North is deploying an army of well-trained hackers with an eye on a lucrative new source of hard currency, they say.
Its cyberwarfare abilities first came to prominence when it was accused of hacking into Sony Pictures Entertainment to take revenge for “The Interview,” a satirical film that mocked its leader, Kim Jong-Un.
But it has rapidly expanded from political to financial targets, such as the central bank of Bangladesh and Bitcoin exchanges around the world, with Washington this week blaming it for the WannaCry ransomware that wreaked havoc earlier this year.
And a South Korean cryptocurrency exchange shut down on Tuesday after losing 17 percent of its assets in a hack — its second cyberattack this year, with the North accused of being behind the first.
According to multiple South Korean reports citing Seoul’s intelligence agency, North Korean hackers approach workers at digital exchanges by posing as beautiful women on Facebook, striking up online conversations and eventually sending files containing malicious code.
They also bombard executives with emails posing as job seekers sending resumes — with the files containing malware to steal personal and exchange data.
Moon Jong-Hyun, director at Seoul cybersecurity firm EST Security, said the North had stepped up online honeytrap tactics targeting Seoul’s government and military officials in recent years.
“They open Facebook accounts and maintain the online friendship for months before backstabbing the targets in the end,” Moon told a cybersecurity forum, adding many profess to be studying at a US college or working at a research think tank.
Simon Choi, director of Seoul cybersecurity firm Hauri, has accumulated vast troves of data on Pyongyang’s hacking activities and has been warning about potential ransomware attacks by the North since 2016.
The United States has reportedly stepped up cyberattacks of its own against Pyongyang.
But Choi told AFP: “The North’s hacking operations are upgrading from attacks on ‘enemy states’ to a shady, lucrative moneymaking machine in the face of more sanctions.”
Pyongyang’s hackers have shown interest in Bitcoin since at least 2012, he said, with attacks spiking whenever the cryptocurrency surges — and it has soared around 20-fold this year.
US cybersecurity firm FireEye noted that a lack of regulations and “lax anti-money laundering controls” in many countries make digital currencies an “attractive tactic” for the North.
Cryptocurrencies, it said in a September report, were “becoming a target of interest by a regime that operates in many ways like a criminal enterprise.”
It documented three attempts by the North to hack into Seoul cryptocurrency exchanges between May and July as a way to “fund the state or personal coffers of Pyongyang’s elite.”
In October, Lazarus, a hacking group linked with the North, launched a malicious phishing campaign targeting people in the bitcoin industry with a fake but lucrative job offer, according to US cybersecurity firm Secureworks.
Hacking attacks targeting digital currencies are only the latest in the long list of alleged online financial heists by the North.
The North is blamed for a massive $81 million cyber-heist from the Bangladesh Central Bank (BCB) in 2016, as well as the theft of $60 million from Taiwan’s Far Eastern International Bank in October.
Although Pyongyang has angrily denied the accusations — which it described as a “slander” against the authorities — analysts say the digital footprints left behind suggest otherwise.
The attack on the BCB was linked to “nation-state actors in the North,” cybersecurity firm Symantec said, while the Taiwanese bank theft had some of the “hallmarks” of Lazarus, according to the British defense firm BAE Systems.
Proceeds from such actions are laundered through casinos in the Philippines and Macau or money exchanges in China, said Lim Jong-In, a cyber-security professor at Korea University in Seoul, making it “virtually impossible” to trace.
The global WannaCry ransomware attack in May infected some 300,000 computers in 150 nations, encrypting their files and demanding hundreds of dollars from their owners for the keys to get them back.
Experts say that young hacking talents are handpicked at school to be groomed at elite Kim Chaek University of Technology or Kim Il Sung Military University in Pyongyang, and now number more than 7,000.
They were once believed to be operating mostly at home or neighboring China, but analysis by cybersecurity firm Recorded Future noted “significant physical and virtual North Korean presences” in countries as far away as Kenya and Mozambique.
FireEye CEO Kevin Mandia put the North among a quartet of countries — along with Iran, Russia and China — that accounted for more than 90 percent of cybersecurity breaches the firm dealt with.
Its hackers, he said, were “interesting to respond to and hard to predict.”
Passengers stranded as Cypriot airline goes bust
- Cobalt Air said it was canceling all flights from shortly before midnight “due to indefinite suspension of Cobalt’s operations”
- Cobalt’s grounding comes just two weeks after Latvia-based Primera Air filed for bankruptcy and a month since Belgian airline Skyworks took the same course
LARNACA, Cyprus: Cyprus said Thursday it will pay to ensure hundreds of Cobalt Air passengers stranded on the holiday island can return home safely after the sudden collapse of the low-cost carrier.
In a surprise announcement posted on its website late Wednesday, the airline said it was canceling all flights from shortly before midnight “due to indefinite suspension of Cobalt’s operations.”
It warned customers its offices would no longer be staffed and urged them to seek refunds through their credit card company or travel agent.
Cobalt’s grounding comes just two weeks after Latvia-based Primera Air filed for bankruptcy and a month since Belgian airline Skyworks took the same course.
The airline was launched only two years ago, filling the void to become the Mediterranean island’s biggest carrier after state-owned Cyprus Airways went bankrupt in January 2015.
Employing many pilots from the defunct national carrier, it went on to operate 13-15 flights daily, taking up to 3,000 passengers to 23 destinations including Athens, Beirut, Heathrow, Paris and Tel Aviv.
But late on Wednesday night, its website was abruptly replaced with a single-page statement announcing the cancelation of all of its flights from 23:50.
Its last flight was reportedly in the air on the way back to Larnaca from London at the time.
“As a result, future flights or services provided by Cobalt will be canceled and will no longer operate,” the statement said, without elaborating on the reasons.
The airline advised passengers with tickets against going to Larnaca International Airport or attempting to contact its offices “as no Cobalt flights will operate and no Cobalt staff will be present.”
“We sincerely apologize once again and would like to thank our very loyal customers for their support over the last two years of Cobalt operations.”
Nine flights had been scheduled to arrive and nine to depart from Larnaca airport on Thursday.
Hundreds of passengers were left stranded, although it was not immediately clear exactly how many.
Airport authorities said there was no panic in the departures hall, with passengers appearing to have stayed away after learning about the airline’s fate and the flight cancelations.
On Thursday the Cypriot transport minister emerged from an emergency meeting on the situation to say everything would be done to minimize the inconvenience for those stuck in Cyprus and abroad.
Vassiliki Anastassiadou said Cyprus would cover the cost for passengers to return home up until October 24, while adding that this did not absolve the airline of its liabilities toward customers.
“The cost of the tickets will be covered by the state for repatriation purposes only,” the minister told reporters.
“We... feel the need to help passengers trapped either in Cyprus or abroad who want to return to their place of residence.”
Two travel operators on the island had been instructed to manage the repatriations and issue tickets on other airlines.
Anastassiadou described the situation as “regrettable” as it comes at a time when Cyprus is enjoying a surge in its vital tourism sector, with arrivals in 2018 expected to exceed last year’s high of 3.6 million.
The minister confirmed the airline was struggling but had informed authorities it was looking for funding.
“It seems they were not able to do this, but we had also given Cobalt a deadline of October 22 to present its financial situation,” she said.
Officials told the state-funded Cyprus News Agency that Cobalt had accumulated tens of millions of dollars in debt since its first commercial flight in July 2016.
Other reports put the debt at around 100 million euros ($115 million).
They said Cobalt had ceased operations after failing to reach a deal with a potential European investor to help it pay for leasing its six aircraft — two Airbus 319s and four Airbus 320s.
Reportedly, the company had only 15 million euros left in its accounts, which it needed to pay its 200 air crew and 50 ground staff.
There was speculation that it was facing cash-flow problems after two of its aircraft were grounded for two days.
Although Cobalt refused to comment on the rumors, sources within the company reportedly attributed the liquidity problems to difficulties faced by Chinese investors in exporting capital due to Chinese government restrictions.
The airline’s largest shareholder is AJ Cyprus, with 49 percent of the shares. AJ Cyprus is owned by China’s AVIC Joy Air.
Cyprus is a hugely popular holiday hotspot for Britons — with over a million flying to the island each year.