Threat actors working for North Korea have also been hired by others to hack websites and extort targets, the U.S. government says in a new cyber alert.
A joint advisory published on Wednesday by the U.S. Department of State, the Department of Treasury, the DHS, and the FBI provides guidance on the North Korean cyber threat and summarizes associated activities.
The United States has released numerous advisories and alerts describing North Korean threat actors, their operations and their tools. The U.S. has officially attributed the 2014 Sony Pictures breach, the 2016 Bangladesh Bank cyberheist, the 2017 WannaCry attack, the 2016 FASTCash campaign aimed at ATMs, and the 2018 attack on a cryptocurrency exchange to North Korea.
The government, which refers to North Korea’s cyber activities as Hidden Cobra, says the “DPRK has the capability to conduct disruptive or destructive cyber activities affecting U.S. critical infrastructure.” A $5 million reward has been offered for information on North Korea’s illegal activities in cyberspace.
Cybersecurity firm FireEye has pointed out that the latest advisory reveals that North Korean threat actors have also worked as hackers-for-hire.
“DPRK cyber actors have also been paid to hack websites and extort targets for third-party clients,” the advisory reads.
John Hultquist, senior director of intelligence analysis at FireEye, believes this is the most interesting revelation in the report.
“Though we knew that these operators were involved in freelancing and other commercial activity such as software development we had no evidence that they were carrying out intrusions and attacks on behalf of anyone other than the North Korean regime,” Hultquist told SecurityWeek.
He added, “It’s not uncommon for states to tap commercial or criminal talent which then carries on parallel criminal activity, but it is rare for us to find evidence of state actors carrying out criminal side operations with the government’s knowledge. Ultimately, this is yet more evidence that North Korea is heavily invested in their cyber capability and taking every opportunity to leverage and monetize it.”
*updated with information on the reward offered by the US government
Related: UN Report: North Korea Cyber Experts Raised Up to $2 Billion
Related: North Korean Hackers Continue to Target Cryptocurrency Exchanges
Related: USCYBERCOM Shares More North Korean Malware Samples
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
- New York Man Arrested for Running BreachForums Cybercrime Website
- Exploitation of Recent Fortinet Zero-Day Linked to Chinese Cyberspies
- Mozilla Patches High-Severity Vulnerabilities With Release of Firefox 111
- Microsoft: 17 European Nations Targeted by Russia in 2023 as Espionage Ramping Up
Latest News
- Google Suspends Chinese Shopping App Amid Security Concerns
- Verosint Launches Account Fraud Detection and Prevention Platform
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
- Oleria Scores $8M Seed Funding for ID Authentication Technology
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- News Analysis: UK Commits $3 Billion to Support National Quantum Strategy
- Malicious NuGet Packages Used to Target .NET Developers
