November 3, 2020
In the last four years, North Korea has proven itself to be one of the biggest players in the world of cyber-espionage. Security researchers from US-based security firm FireEye revealed that there are three major hacking groups operating out of North Korea. Two of them are responsible for cyber-espionage, while the third is behind some of the biggest attacks on banks and financial institutions in recent history. The espionage groups are called TEMP.Hermit and Lazarus Group, while APT38 is financially motivated.
APT38’s first activity dates back to 2014. FireEye assumes that North Korea’s dwindling financial resources led the military state to raise funds through hacking and other unorthodox methods. FireEye revealed that cryptocurrency exchanges, banks, and financial institutions were APT38’s major targets. APT38 hackers are responsible for hacks all over the world, including in countries such as Malaysia, Poland, Vietnam, and other smaller countries.
FireEye believes that APT38 has attempted to steal over $1.1 billion and made off with at least $100 million. Even though many of the bank heists were not successful, the attacks revealed a lot about the group’s mode of operation, which is consistent with nation-state hacking groups rather than the usual cyber-criminals.
APT38 chooses to wait for months before initiating subsequent attacks, spending that time on surveillance and reconnaissance to develop target-specific tools. FireEye elaborated: "APT38 also takes steps to make sure they remain undetected while they are conducting their internal reconnaissance. On average, we have observed APT38 remain within a victim network approximately 155 days, with the longest time within a compromised system believed to be 678 days (almost two years)."
The group’s activity is expected to continue in the future. However, with advancements in security, many of the future attempts are likely to be thwarted. If North Korea’s currency continues to deteriorate, the group will become more active than ever.