from the will-hack-for-cash dept.
A report suggests that North Korean hackers are looking for money to steal as harsher sanctions are implemented against the country:
North Korean hackers are increasingly trying to steal cash rather than secrets, a South Korean government-backed report suggests. Cyber-criminals are targeting financial institutions as Pyongyang faces tough nuclear sanctions, the Financial Security Institute (FSI) claims. Suspected hacking attempts were until recently thought to be aimed at causing disruption or accessing data.
North Korea has routinely denied involvement in cyber-attacks. The FSI analysed cyber-attacks between 2015 and 2017. The impoverished country is now facing even tougher international sanctions aimed at stopping the flow of money that would support the development of its weapons programme.
Attacks cited include the "WannaCry" ransomware attacks, an attack on the Bangladeshi central bank, attacks by a group called "Andariel", and the 2015 attacks against South Korean banks that led to the formation of the Financial Security Institute.
Cybersecurity researchers at Symantec Corp. and FireEye Inc. have uncovered more evidence tying this month's WannaCry global ransomware attacks to North Korea.
The cyberattack that infected hundreds of thousands of computers worldwide was "highly likely" to have originated with Lazarus, a hacking group linked to the reclusive state, Symantec said. The software used was virtually identical to versions employed in attacks earlier this year attributed to the same agency, the company said in a report late Monday. FireEye on Tuesday agreed WannaCry shared unique code with malware previously linked to North Korea. "The shared code likely means that, at a minimum, WannaCry operators share software development resources with North Korean espionage operators," Ben Read, a FireEye analyst, said in an emailed statement.
[...] The initial attack was stifled when a security researcher disabled a key mechanism used by the worm to spread, but experts said the hackers were likely to mount a second attack because so many users of personal computers with Microsoft operating systems couldn't or didn't download a security patch released in March labeled "critical."
Here's a screenshot of Wana Decrypt0r 2.0. Note the Wikipedia licensing section.
Previously: Security In 2017: Ransomware Will Remain King
"Biggest Ransomware Attack in History" Hits Around 100 Countries, Disrupts UK's NHS
WannaCrypt Ransomware Variant -- Lacking Kill Switch -- Seen in Wild [Updated]
Decryption Utility for WannaCry is Released