N Korea uses Stolen Cryptocurrency to Fund its Missile Program

Sanctions sometimes work and sometimes do not; in the case of North Korea, they appear to have failed.

In 2017, North Korea tested several missiles demonstrating what seemed to be rapid advances in its military technology.

The Hwasong-12 was thought to be able to reach as far as 4,500km (2,800 miles), putting US military bases on the Pacific island of Guam well within striking distance.

Later, the Hwasong-14 demonstrated even greater potential, with a range of 8,000km although some studies suggested it could travel as far as 10,000km if fired on a maximum trajectory.

This would have given Pyongyang its first truly intercontinental ballistic missile, capable of reaching New York.

Eventually, the Hwasong-15 was tested, peaking at an estimated altitude of 4,500km – 10 times higher than the International Space Station.

If fired on a more conventional “flatter” trajectory, the missile could have a maximum range of some 13,000km, putting all of the continental US in range.

North Korea continued to develop its nuclear and ballistic missile programs during the past year and cyberattacks on cryptocurrency exchanges were an important revenue source for Pyongyang, according to an excerpt of a confidential United Nations report seen on Saturday by Reuters.

The annual report by independent sanctions monitors was submitted on Friday evening to the U.N. Security Council North Korea sanctions committee.

“Although no nuclear tests or launches of ICBMs (intercontinental ballistic missiles) were reported, DPRK continued to develop its capability for production of nuclear fissile materials,” the experts wrote.

North Korea is formally known as the Democratic People’s Republic of Korea (DPRK). It has long been banned from conducting nuclear tests and ballistic missile launches by the U.N. Security Council. Since 2006, North Korea has been subject to U.N. sanctions, which the Security Council has strengthened over the years in an effort to target funding for Pyongyang’s nuclear and ballistic missile programs.

The sanctions monitors noted that there had been a “marked acceleration” of missile testing by Pyongyang.

The United States and others said on Friday that North Korea had carried out nine ballistic missile launches in January, adding it was the largest number in a single month in the history of the country’s weapons of mass destruction and missile programs.

CYBERATTACKS, ILLICIT TRADE

The monitors said “cyberattacks, particularly on cryptocurrency assets, remain an important revenue source” for North Korea and that they had received information that North Korean hackers continued to target financial institutions, cryptocurrency firms and exchanges.

“According to a member state, DPRK cyberactors stole more than $50 million between 2020 and mid-2021 from at least three cryptocurrency exchanges in North America, Europe and Asia,” the report said.

The monitors also cited a report last month by cybersecurity firm Chainalysis that said North Korea launched at least seven attacks on cryptocurrency platforms that extracted nearly $400 million worth of digital assets last year.

In 2019, the U.N. sanctions monitors reported that North Korea had generated an estimated $2 billion for its weapons of mass destruction programs using widespread and increasingly sophisticated cyberattacks.

The latest report said North Korea’s strict blockade in response to the COVID-19 pandemic meant “illicit trade, including in luxury goods, has largely ceased.”

Over the years the U.N. Security Council has banned North Korean exports including coal, iron, lead, textiles and seafood, and capped imports of crude oil and refined petroleum products.

“Although maritime exports from DPRK of coal increased in the second half of 2021, they were still at relatively low levels,” the monitors said.

“The quantity of illicit imports of refined petroleum increased sharply in the same period, but at a much lower level than in previous years,” the report said. “Direct delivery by non-DPRK tankers to DPRK has ceased, probably in response to COVID-19 measures: instead, only DPRK tankers delivered oil.”

North Korea’s humanitarian situation “continues to worsen,” the report said. The monitors said that was probably due to the COVID-19 blockade, but that a lack of information from North Korea meant it was difficult to determine how much U.N. sanctions were unintentionally harming civilians.

***

Military equipment is seen during a military parade to commemorate the 8th Congress of the Workers' Party in Pyongyang, North Korea, January 14, 2021, in this photo supplied by North Korea's Korean Central News Agency (KCNA): missiles on display at a January 2021 military parade.

“From 2020 to 2021, the number of North Korean-linked hacks jumped from four to seven, and the value extracted from these hacks grew by 40%,” Chainalysis said in a report.

The hackers used a number of techniques, including phishing lures, code exploits and malware to siphon funds from the organisations’ “hot” wallets and then moved them into North Korea-controlled addresses, the company said.

Chainalysis said it is likely that many of last year’s attacks were conducted by the so-called Lazarus Group, a hacking group which the US has applied sanctions against.

The group is believed to be controlled by North Korea’s primary intelligence bureau, the Reconnaissance General Bureau.

The Lazarus Group has previously been accused of involvement in the “WannaCry” ransomware attacks, the hacking of international banks and customer accounts and cyber-attacks on Sony Pictures in 2014.

“Once North Korea gained custody of the funds, they began a careful laundering process to cover up and cash out,” the report on last year’s cyber attacks added.
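To make the “careful laundering process” concrete, here is an added example (not code from the page, from Chainalysis or from the UN monitors) that replays a constructed list of transactions and propagates taint from a theft transaction with the “haircut” rule analysts use: whenever an address spends, each output inherits the sender's current tainted fraction, so stolen coins that pass through a pool also holding clean deposits come out diluted rather than clean. All addresses, transaction IDs, amounts and balances are made up for the illustration.

```python
"""Following stolen funds through a transaction graph with "haircut" taint.

Added illustration, not code from the page, from Chainalysis or from the UN
monitors. Addresses, amounts and transactions are constructed; real chain
analysis runs over full on-chain data (and uses several taint rules), but
the propagation step shown here is one of the standard ones: whenever an
address spends, each output inherits the sender's current tainted fraction.
"""
from collections import defaultdict

# Constructed sample: each tx spends from one address to one or more outputs;
# amounts are in arbitrary units and "ts" fixes the replay order.
SAMPLE_TXS = [
    {"id": "t1", "ts": 1, "from": "exchange_hot", "outs": [("attacker_a", 100.0)]},                    # the theft
    {"id": "t2", "ts": 2, "from": "clean_user",   "outs": [("mixer_pool", 100.0)]},                    # unrelated deposit
    {"id": "t3", "ts": 3, "from": "attacker_a",   "outs": [("mixer_pool", 60.0), ("attacker_b", 40.0)]},
    {"id": "t4", "ts": 4, "from": "mixer_pool",   "outs": [("exch_deposit_1", 80.0), ("mixer_out", 80.0)]},
    {"id": "t5", "ts": 5, "from": "attacker_b",   "outs": [("exch_deposit_2", 40.0)]},
    {"id": "t6", "ts": 6, "from": "mixer_out",    "outs": [("exch_deposit_1", 80.0)]},
]
SAMPLE_FUNDING = {"exchange_hot": 1000.0, "clean_user": 100.0}   # clean balances before t1
SAMPLE_THEFTS = {"t1"}                                            # tx ids identified as the theft


def trace_taint(initial_balances, txs, theft_tx_ids):
    """Replay txs in timestamp order; return {address: (balance, tainted_amount)}."""
    balance = defaultdict(float, initial_balances)
    tainted = defaultdict(float)
    for tx in sorted(txs, key=lambda t: t["ts"]):
        src = tx["from"]
        spent = sum(amt for _, amt in tx["outs"])
        if spent > balance[src] + 1e-9:
            raise ValueError(f"{tx['id']}: {src} spends {spent} but holds {balance[src]}")
        if spent == 0:
            continue
        if tx["id"] in theft_tx_ids:
            frac = 1.0                        # everything taken from the victim is stolen
        else:
            frac = tainted[src] / balance[src]
            tainted[src] -= spent * frac      # the sender keeps its taint ratio on what remains
        balance[src] -= spent
        for dst, amt in tx["outs"]:
            balance[dst] += amt
            tainted[dst] += amt * frac
    return {a: (balance[a], tainted[a]) for a in set(balance) | set(tainted)}


def exposure(result, cashout_addresses):
    """(stolen value that reached the given addresses, its share of their total deposits)."""
    bal = sum(result.get(a, (0.0, 0.0))[0] for a in cashout_addresses)
    tnt = sum(result.get(a, (0.0, 0.0))[1] for a in cashout_addresses)
    return tnt, (tnt / bal if bal else 0.0)


if __name__ == "__main__":
    res = trace_taint(SAMPLE_FUNDING, SAMPLE_TXS, SAMPLE_THEFTS)
    for addr, (bal, tnt) in sorted(res.items()):
        print(f"{addr:15s} balance={bal:7.1f} tainted={tnt:6.1f}")
    stolen, share = exposure(res, ["exch_deposit_1", "exch_deposit_2"])
    print(f"stolen value at cash-out deposits: {stolen:.1f} ({share:.0%} of what they received)")
```

In the constructed sample all 100 units of stolen value end up at the two exchange deposit addresses, but the 60 units that went through the pooled address arrive carrying only 37.5% taint, which is exactly why a cash-out exchange cannot rely on a simple "has this address ever touched the theft" check and why the monitors describe the laundering as careful rather than sophisticated.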

A United Nations panel that monitors sanctions on North Korea has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programmes as a way to avoid international sanctions.

Separately, in February last year, the US charged three North Korean computer programmers with a massive hacking spree aimed at stealing more than $1.3bn in money and cryptocurrency. BBC

N.Korea Tests First ‘Strategic’ Cruise Missile

Japan’s chief cabinet secretary Katsunobu Kato said the country had “significant concerns” and was working with the US and South Korea to monitor the situation.

The US military said the test showed North Korea’s “continuing focus on developing its military programme”, adding that its commitment to defending allies South Korea and Japan remained “ironclad”.

Top-level officials from the three countries are due to meet this week to discuss North Korea’s denuclearisation process.

South Korea’s military is also doing an in-depth analysis of the launches with US intelligence authorities, the news agency Yonhap reports.

  • Tests involved new, long-range cruise missiles – KCNA
  • New missiles represent serious capability for N.Korea – analysts
  • U.S. military: Launches highlight threat to N.Korea’s neighbours
  • Tests came before meeting by U.S., Japan, S.Korea to discuss N.Korea

SEOUL, Sept 13 (Reuters) – North Korea carried out successful tests of a new long-range cruise missile over the weekend, state media said on Monday, seen by analysts as possibly the country’s first such weapon with a nuclear capability.

The missiles are “a strategic weapon of great significance” and flew 1,500 km (930 miles) before hitting their targets and falling into the country’s territorial waters during the tests on Saturday and Sunday, KCNA said.

The latest test highlighted steady progress in Pyongyang’s weapons programme amid a gridlock over talks aimed at dismantling the North’s nuclear and ballistic missile programmes in return for U.S. sanctions relief. The talks have stalled since 2019.

North Korea’s cruise missiles usually generate less interest than ballistic missiles because they are not explicitly banned under U.N. Security Council resolutions.

“This would be the first cruise missile in North Korea to be explicitly designated a ‘strategic’ role,” said Ankit Panda, a senior fellow at the U.S.-based Carnegie Endowment for International Peace. “This is a common euphemism for nuclear-capable system.”

It is unclear whether North Korea has mastered the technology needed to build warheads small enough to be carried on a cruise missile, but leader Kim Jong Un said earlier this year that developing smaller bombs is a top goal.

The two Koreas have been locked in an accelerating arms race that analysts fear will leave the region littered with powerful new missiles.

South Korea’s military did not disclose whether it had detected the North’s latest tests, but said on Monday it was conducting a detailed analysis in cooperation with the United States.

The U.S. military’s Indo-Pacific Command (INDOPACOM) said it was aware of the reports and was coordinating with its allies and partners.

“This activity highlights (North Korea’s) continuing focus on developing its military program and the threats that poses to its neighbours and the international community,” INDOPACOM said in a statement.

Rodong Sinmun, the ruling Workers’ Party’s official newspaper, ran photos of the new cruise missile flying and being fired from a transporter-erector-launcher.

The test provides “strategic significance of possessing another effective deterrence means for more reliably guaranteeing the security of our state and strongly containing the military manoeuvres of the hostile forces,” KCNA said.

The Academy of National Defense Science conducts long-range cruise missile tests in North Korea, as pictured in this combination of undated photos supplied by North Korea’s Korean Central News Agency (KCNA) on September 13, 2021. KCNA via REUTERS

It was seen as the North’s first missile launch after it tested a new tactical short-range ballistic missile in March. North Korea also conducted a cruise missile test just hours after U.S. President Joe Biden took office in late January.

SERIOUS CAPABILITY

Jeffrey Lewis, a missile researcher at the James Martin Center for Nonproliferation Studies, said intermediate-range land-attack cruise missiles were no less a threat than ballistic missiles and were a pretty serious capability for North Korea.

“This is another system that is designed to fly under missile defence radars or around them,” Lewis said on Twitter.

Cruise missiles and short-range ballistic missiles that can be armed with either conventional or nuclear bombs are particularly destabilising in the event of conflict as it can be unclear which kind of warhead they are carrying, analysts said.

Kim Jong Un did not appear to have attended the test, with KCNA saying Pak Jong Chon, a member of the Workers’ Party’s powerful politburo and a secretary of its central committee, oversaw it.

The reclusive North has long accused the United States and South Korea of “hostile policy” toward Pyongyang.

The unveiling of the test came just a day before chief nuclear negotiators from the United States, South Korea and Japan meet in Tokyo to explore ways to break the standoff with North Korea.

China’s foreign minister, Wang Yi, is also scheduled to visit Seoul on Tuesday for talks with his counterpart, Chung Eui-yong.

Biden’s administration has said it is open to diplomacy to achieve North Korea’s denuclearisation, but has shown no willingness to ease sanctions.

Sung Kim, the U.S. envoy for North Korea, said in August in Seoul that he was ready to meet with North Korean officials “anywhere, at any time.”

A reactivation of inter-Korean hotlines in July raised hopes for a restart of the negotiations, but the North stopped answering calls as annual South Korea-U.S. military exercises began last month, which Pyongyang had warned could trigger a security crisis.

In recent weeks South Korea became the first non-nuclear state to develop and test a submarine-launched ballistic missile.

Reporting by Hyonhee Shin and Josh Smith; Additional reporting by Idrees Ali in Washington; Editing by Daniel Wallis, Peter Cooney and Lincoln Feast.

NK Hackers are Robbing Banks Around the World

Primer:

North Korea’s Foreign Ministry on Saturday called the United States a “mastermind of cybercrime” as it responded to a report detailing Pyongyang’s efforts to hack banks.

In an English-language statement posted on the ministry’s website, a spokesperson for the country’s “National Coordination Committee for Anti-Money Laundering and Countering the Financing of Terrorism” denied the regime’s link to any online criminal activities, claiming there was no truth to the “preposterous rumors” circulated by the United States.

The U.S. Treasury Department and three federal agencies including the FBI said in an alert issued Wednesday that hackers attempted to initiate fraudulent money transfers and ATM “cash-outs” from multiple countries that appeared to be part of the North’s “extensive, global cyber-enabled bank robbery scheme.”

US govt warns of North Korean hackers targeting banks

The BeagleBoyz have made off with nearly $2 billion since 2015, and they’re back to attacking financial institutions after a short lull in activity.

The BeagleBoyz, part of the North Korean government’s hacking apparatus, are back to targeting banks around the world after a brief pause in activity.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released an alert with details of how the BeagleBoyz have made off with an estimated $2 billion in fiat and cryptocurrency since 2015, along with details on how financial institutions can protect themselves against their known patterns of attack.

Along with the theft of massive amounts of money that the United Nations believes is used for North Korea’s nuclear weapons and ballistic missile programs, the robberies also pose a serious risk to financial institutions’ reputations, their operations, and public confidence in banking, CISA said.

The BeagleBoyz aren’t typical cybercriminals either: They conduct “well-planned, disciplined, and methodical cyber operations more akin to careful espionage activities,” CISA warns. “Over time, their operations have become increasingly complex and destructive. The tools and implants employed by this group are consistently complex and demonstrate a strong focus on effectiveness and operational security.”

The group has used a variety of approaches to gaining initial access: Spear phishing, watering holes, social engineering, malicious files, and even contracted third-party hacking groups have been used for initial penetration.

Once inside a network, the BeagleBoyz have again used a wide variety of approaches to meet their objectives, establish a persistent presence, evade defense, and harvest credentials of privileged users.

CISA said that the BeagleBoyz appear to seek out two particular systems in a financial institution’s network: its SWIFT terminal and the server hosting the bank's payment switch application. They map networks using locally available administrative tools, deploy a constantly evolving set of command-and-control software, and ultimately try to make off with whatever money they can via fraudulent ATM cash-outs.

“After gaining access to either one or both of these operationally critical systems, the BeagleBoyz monitor the systems to learn about their configurations and legitimate use patterns, and then they deploy bespoke tools to facilitate illicit monetization,” CISA said.

It isn’t known if the BeagleBoyz have successfully targeted a US-based financial institution, and CISA’s report suggests they’ve been active primarily in other parts of the world. That doesn’t mean they won’t attempt to break into a US-based bank: Everyone in the cybersecurity arm of the financial industry should be alert.

Protecting against the BeagleBoyz

CISA makes the following mitigation suggestions based on particular industry:

All financial institutions:

Institutions with retail payment systems:

  • Require chip and PIN for all transactions
  • Isolate payment system infrastructure behind multiple authentication factors
  • Segment networks into separate, secure enclaves
  • Encrypt all data in transit
  • Monitor networks for anomalous behavior

Institutions with ATMs or point-of-sale devices:

  • Validate issuer responses to financial request messages
  • Implement chip and PIN for debit transactions
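Two of the items above, validating issuer responses and monitoring for anomalous behaviour, can be shown in code. The following is an added example, not CISA's or the page's own code: a switch-side check that accepts an authorisation response only if it echoes the request's key fields and carries a valid MAC from the issuer (so a response whose approval code was flipped on the way through the switch, or a genuine approval replayed from another transaction, is rejected), plus a velocity rule that flags the many-ATMs, many-countries, minutes-apart pattern of a coordinated cash-out. The ISO 8583 field numbers are the standard ones; carrying the MAC in field 128 and computing it with HMAC-SHA256 over the listed fields are assumptions made for this example, as are all keys, messages and withdrawal records.

```python
"""Issuer-response validation at a payment switch, plus an ATM cash-out burst detector.

Added example, not code from the page or from CISA's alert. ISO 8583 field
numbers are the standard ones (MTI 0200/0210 = authorisation request/response,
2 = PAN, 3 = processing code, 4 = amount, 11 = STAN, 37 = retrieval reference
number, 39 = response code). Carrying the MAC in field 128 and computing it as
HMAC-SHA256 over the fields below are assumptions for this example; real
schemes use their own MAC fields, algorithms and HSM-held keys. All keys,
messages and withdrawal records are constructed.
"""
import hashlib
import hmac
from collections import defaultdict

MAC_FIELDS = (2, 3, 4, 11, 37, 39)   # fields the issuer's MAC must cover (assumption)
MAC_FIELD = 128                       # field carrying the MAC (assumption)
APPROVAL_CODES = {"00"}


def compute_mac(key: bytes, msg: dict) -> str:
    """HMAC over the MTI and the covered fields, each length-prefixed so values cannot run together."""
    h = hmac.new(key, msg["mti"].encode(), hashlib.sha256)
    for f in MAC_FIELDS:
        v = str(msg.get(f, "")).encode()
        h.update(f"{f}:{len(v)}:".encode() + v)
    return h.hexdigest()


def issuer_respond(req: dict, key: bytes, response_code: str) -> dict:
    """What a genuine issuer host returns: the request's key fields echoed, a code, and a MAC."""
    resp = {"mti": "0210", 39: response_code}
    resp.update({f: req[f] for f in (2, 3, 4, 11, 37)})
    resp[MAC_FIELD] = compute_mac(key, resp)
    return resp


def validate_issuer_response(req: dict, resp: dict, key: bytes) -> tuple:
    """Return (approve, reason). Approve only a response provably from the issuer for *this* request."""
    if req.get("mti") != "0200" or resp.get("mti") != "0210":
        return False, "unexpected MTI pairing"
    for f in (2, 3, 4, 11, 37):
        if resp.get(f) != req.get(f):
            return False, f"field {f} does not echo the request"
    mac = resp.get(MAC_FIELD)
    expected = compute_mac(key, resp)
    if not isinstance(mac, str) or not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "MAC missing or invalid"
    code = resp.get(39)
    if code not in APPROVAL_CODES:
        return False, f"issuer declined ({code})"
    return True, "approved"


# Constructed approved-withdrawal records as a switch might log them: PAN, unix time, ATM country.
SAMPLE_APPROVALS = [
    {"pan": "4111111111111111", "ts": 1000 + 60 * i, "country": c}
    for i, c in enumerate(["IN", "IN", "AE", "AE", "SG", "SG"])   # six ATMs, three countries, five minutes
] + [
    {"pan": "5500000000000004", "ts": 1000 + 3600 * i, "country": "US"} for i in range(3)   # ordinary use
]


def cashout_bursts(approvals, window=600, min_count=5, min_countries=2):
    """Flag PANs with >= min_count approvals inside `window` seconds spanning >= min_countries countries."""
    by_pan = defaultdict(list)
    for a in approvals:
        by_pan[a["pan"]].append(a)
    flagged = {}
    for pan, evs in by_pan.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            win = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            countries = {e["country"] for e in win}
            if len(win) >= min_count and len(countries) >= min_countries:
                flagged[pan] = (len(win), sorted(countries))
                break
    return flagged


if __name__ == "__main__":
    key = b"zone-key-shared-with-issuer"   # constructed; production keys live in an HSM
    req = {"mti": "0200", 2: "4111111111111111", 3: "010000", 4: "000000050000",
           11: "123456", 37: "000000123456"}
    genuine_decline = issuer_respond(req, key, "51")
    flipped = {**genuine_decline, 39: "00"}                 # code changed on the switch, MAC now stale
    other_req = {**req, 11: "999999", 37: "000000999999"}
    replayed = issuer_respond(other_req, key, "00")         # real approval, wrong transaction
    for name, resp in [("genuine approval", issuer_respond(req, key, "00")),
                       ("genuine decline", genuine_decline),
                       ("flipped code", flipped), ("replayed approval", replayed)]:
        print(f"{name:18s} -> {validate_issuer_response(req, resp, key)}")
    print("cash-out bursts:", cashout_bursts(SAMPLE_APPROVALS))
```

The point of the MAC check is that a tool sitting on the switch can alter or fabricate a response message but cannot re-sign it without the issuer's key, and the echo check stops a captured genuine approval from being reused against a different request; the velocity rule is deliberately crude, but it is the kind of out-of-band monitoring that catches a cash-out even after the authorisation path has been compromised.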

These suggestions come along with general good security habits such as enforcing strong password policies, keeping all systems up to date, disabling all unnecessary services on workstations, scanning documents and emails for potential malicious code, and staying up to date on the latest threats.


N. Korea has 60 Nuclear Bombs, 5000 tons of Chemical Weapons

An Army report has the following information in part regarding North Korea:

A new assessment made by the United States Department of the Army estimates that the North Korean regime is in possession of massive amounts of conventional and non-conventional weapons that they are “highly likely” to use in specific circumstances, according to the Yonhap News Agency.

The assessment was published in a report entitled “North Korean Tactics,” and attributes North Korea’s huge armaments program to a desire to “prevent other countries from contemplating regime change.” Apparently, Kim Jong-un, the North Korean dictator, took note of what happened to his Libyan counterpart Muammar Gaddafi and “does not want something similar to happen” to him. (Gaddafi was killed by rebel Libyan forces, after a multi-national force including NATO countries attacked Libya with the stated goal of imposing an arms embargo, sanctions, and an assets freeze against regime leaders.)

According to the report, North Korea already has between 20 and 60 nuclear bombs and “the capacity to produce six new devices each year.” It also boasts the world’s third-largest stockpile of chemical weapons – between 2,500 and 5,000 tons of various substances – and is engaged in research into biological warfare as well. “Only one kilogram of anthrax could kill up to 50,000 people in Seoul,” the capital of South Korea, the report’s authors note.

Another ongoing source of concern is North Korea’s Cyber Warfare Guidance Unit, which employs over 6,000 computer hackers who “can successfully conduct invasive computer warfare activities from the safety of its own territory.” North Korean operatives are known to already be operating in several foreign countries including Belarus, China, India, Malaysia, and Russia.

Negotiations between the United States and North Korea broke down entirely following an unproductive summit between Kim Jong-un and US President Donald Trump in February, 2019.

Further details in the report include:

North Korea’s military “uses tactics based on former Soviet or current Russian doctrine, Chinese developments, lessons learned, and observation of recent military actions,” according to a new US Army manual on the subject.

“While North Korea maintains large amounts of military equipment, much of it is outdated making it quantitatively superior to most armies but qualitatively inferior,” the new manual said. See North Korean Tactics, Army Techniques Publication (ATP) 7-100.2, 24 July 2020.

But North Korea has proved resourceful in other areas, including offensive cyber warfare.

“The primary organization responsible for computer warfare in North Korea is Bureau 121, which fielded at least 1,000 elite hackers in 2010 who focused on other countries’ computer systems. This number is likely much higher now” and includes “cyberspace teams [deployed] in foreign countries.”

And not least of all, “The country’s possession of a nuclear arsenal and its pursuit of missile technology are attempts to ensure that external powers do not interfere with its internal affairs for fear of a nuclear reprisal,” the Army manual said.


“North Korea is constantly adapting and evolving its capabilities,” the Army said.

***

Formed in the late 1990s, Bureau 121 is a unit of the Reconnaissance General Bureau, North Korea’s military intelligence agency; it is now reported to have some 6,000 hackers.

Part of the unit is sometimes known as the DarkSeoul Gang, according to a report by Reuters.

Despite being one of the poorest countries in the world, North Korea puts a lot of its cash into Bureau 121.

North Korea is still technically at war with South Korea, and cyber-warfare is arguably its best weapon. A defector gave the BBC more details in 2015.

There is an official training school for the younger hacking applicants.

Students are sent to the military school after graduating from Geumseong Middle School in the capital. A 2009 report on the cyber threat written by US Army Major Steve Sin revealed that Unit 121 had a base in the Chilbosan Hotel in Shenyang, China, from which it could launch its attacks. The 164-room three-star hotel is jointly owned by North Korean and Chinese interests.

Google Sent Users 40,000 Warnings

Primer questions: Did other tech companies do the same and if so, how many? What does Congress know and where are they with a real cyber policy?

Google’s threat analysis group, which counters targeted and government-backed hacking against the company and its users, sent account holders almost 40,000 warnings in 2019, with government officials, journalists, dissidents, and geopolitical rivals being the most targeted, team members said on Thursday.

The number of warnings declined almost 25 percent from 2018, in part because of new protections designed to curb cyberattacks on Google properties. Attackers have responded by reducing the frequency of their hack attempts and being more deliberate. The group saw an increase in phishing attacks that impersonated news outlets and journalists. In many of these cases, attackers sought to spread disinformation by attempting to seed false stories with other reporters. Other times, attackers sent several benign messages in hopes of building a rapport with a journalist or foreign policy expert. The attackers, who most frequently came from Iran and North Korea, would later follow up with an email that included a malicious attachment.

“Government-backed attackers regularly target foreign policy experts for their research, access to the organizations they work with, and connection to fellow researchers or policymakers for subsequent attacks,” Toni Gidwani, a security engineering manager in the threat analysis group, wrote in a post.

Top targets

Countries with residents that collectively received more than 1,000 warnings included the United States, India, Pakistan, Japan, and South Korea. Thursday’s post came eight months after Microsoft said it had warned 10,000 customers of nation-sponsored attacks over the 12 previous months. The software maker said it saw “extensive” activity from five specific groups sponsored by Iran, North Korea, and Russia.

Thursday’s post also tracked targeted attacks carried out by Sandworm, believed to be an attack group working on behalf of the Russian Federation. Sandworm has been responsible for some of the world’s most severe attacks, including hacks on Ukrainian power facilities that left the country without electricity in 2015 and 2016, NATO and the governments of Ukraine and Poland in 2014, and according to Wired journalist Andy Greenberg, the NotPetya malware that created worldwide outages, some that lasted weeks.

The following graph shows Sandworm’s targeting of various industries and countries from 2017 to 2019. While the targeting of most of the industries or countries was sporadic, Ukraine was on the receiving end of attacks throughout the entire three-year period:

Sandworm’s targeting efforts (mostly by sector) over the last three years. (Graph: Google)

Tracking zero-days

In 2019, the Google group discovered zero-day vulnerabilities affecting Android, iOS, Windows, Chrome, and Internet Explorer. A single attack group was responsible for exploiting five of the unpatched security flaws. The attacks were used against Google, Google account holders, and users of other platforms.

“Finding this many zero-day exploits from the same actor in a relatively short time frame is rare,” Gidwani wrote.

The exploits were delivered from legitimate websites that had been hacked, through links to malicious websites, and via attachments embedded in spear-phishing emails. Most of the targets were in North Korea or were individuals working on North Korea-related issues.

The group’s policy is to privately inform developers of the affected software and give them seven days to release a fix or publish an advisory. If the companies don’t meet that deadline, Google releases its own advisory.

One observation that Google users should note: of all the phishing attacks the company has seen in the past few years, none has resulted in a takeover of an account enrolled in the Advanced Protection Program, which among other things makes multifactor authentication with hardware security keys mandatory. Once people have two physical security keys from Yubico or another manufacturer, enrolling in the program takes less than five minutes.