A group of hackers is reportedly responsible for millions of dollars in bank heists in recent years which they used to help fund the North Korean regime/
According to new research from the cybersecurity firm FireEye, the group, called APT38, sets itself apart from other Pyongyang-linked hackers by being much more financially motivated as opposed to focusing on pure espionage.
APT38 is responsible for some of the most high-profile attacks on financial institutions during the last few years including the $91m heist of Bangladesh’s central bank in 2016 and an attack on a Taiwanese bank in 2017.
While North Korean hackers had previously been publicly linked to these attacks, FireEye’s report provides a detailed look at the group’s tactics and explains how it was able to carry out numerous bank heists.
Raising funds for the North Korean regime
As Pyongyang felt increasing pressure from international sanctions, APT38 worked behind the scenes to raise money for the regime. In total, the group tried to steal $1.1bn from financial institutions around the world according to FireEye.
Vice President of global intelligence at FireEye, Sandra Joyce provided further insight on APT38’s operations, saying:
“They conduct the bank heists like criminals except they use espionage techniques. They take time, they sit in the system, they understand the process. The hallmark of this group is that it deploys destructive malware” after stealing money from an organization, not only to cover its tracks, but [also] in order to distract defenders, complicate the incident response process, and gain time to get out the door.”
FireEye also tracked another group of North Korean hackers it calls TEMP.Hermit. While both groups share malware and other resources, APT38’s operations are “more global and highly specialised for targeting the financial sector.”