The IT company that stole 3.4 billion won through ransomware was in league with North Korean hackers.

2023-10-27 11:26:09
North Korean hacking attack / News 1

A data recovery company that conspired in advance with North Korean hackers to distribute ransomware, a type of malicious program, and then took 3.4 billion won from victims by selling the password information needed to unlock the ransomware, advertised on portal sites, has been caught by the police. The police said the hackers are presumed to be members of ‘Lazarus’, a hacking organization under the Reconnaissance General Bureau, which oversees North Korea’s operations against South Korea.

The National Police Agency’s National Security Investigation Unit announced on the 27th that it had handed over to the prosecution five people, including the CEO and employees of data recovery agency A, on charges of violating the Information and Communications Network Act and of aiding and abetting extortion. Over a four-year period from October 2018 to September last year, they collected 3.4 billion won in recovery costs from 778 victims whose computers were infected with ransomware. Ransomware is a combination of ‘ransom’, the money demanded for a hostage, and ‘malware’. Hackers infiltrate computers with malware, encrypt important files, and extort money in return for decrypting them.

According to the police, Company A advertised on a portal site as a company that could solve passwords that other companies could not. In particular, it ran ‘keyword advertising’ aimed at people trying to solve computer problems caused by specific ransomware. Keyword advertising is a technique that shows the advertiser’s site to people who search for specific words on portal sites.

However, the police investigation revealed that the distribution of this ransomware was led by a North Korean hacker group. Company A is said to have received a manual for unlocking the ransomware in advance by collaborating with the North Korean hackers. In a search and seizure of Company A’s office, the police reportedly secured Telegram and e-mail records containing conversations conspiring with the North Korean hackers. Judging from the social media (SNS) conversations of Company A employees obtained by the police, it is presumed that Company A knew in advance that the hackers were members of the Lazarus organization and plotted the crime together with them.

Lazarus is a hacking organization linked to the Reconnaissance General Bureau, the headquarters of North Korea’s anti-South Korea operations, and was involved in the hacking of Sony Pictures in the United States in 2014, the hacking of the Central Bank of Bangladesh in 2016, and the WannaCry ransomware incident in 2017. The South Korean government designated Lazarus as a target of cyber sanctions against North Korea in February.

An official at the National Police Agency said, “One of the suspects received a method for solving ransomware from a hacker in advance and then stated, ‘There will be a lot of ransomware calls starting the next day.’” He added, “In fact, starting from the next day, a lot of calls came in from ransomware victims.” When victims contacted Company A after the hacker distributed the ransomware, the company reinforced the hacker’s threat with the message, “The hacker’s threat is true, so you can only recover the data by sending Bitcoin to the electronic wallet requested by the hacker.” A large amount in recovery agency fees (hacker negotiation fee plus agency fee) is said to have been collected through this method.

It is understood that the North Korean hackers received virtual currency (such as Bitcoin), which is difficult for the police to trace, from Company A in return for this crime. Some of the electronic wallets to which Company A sent money were confirmed to be wallet addresses owned by a North Korean hacker group named in the ‘ROK-US Joint Cybersecurity Advisory.’ A police official said, “To date, it has been confirmed that approximately 4.7 million won has been transferred to the virtual asset wallet of a North Korean hacking organization.”

Police are investigating the total amount of funds transferred to the North Korean hackers. An official from the National Police Agency said, “A significant amount of the funds collected through the crimes was transferred to specific online payment systems or virtual asset exchanges in Europe or Asia.” He added, “There is a possibility that a North Korean hacker group is using those accounts as a money laundering channel, and in addition to the confirmed cases, it is possible that a significant amount of money may have flowed to a North Korean hacker group.”
