Lesser-known North Korea cyber-spy group goes international: report

Binary code is seen on a screen against a North Korean flag in this illustration photo November 1, 2017. REUTERS/Thomas White/Illustration

By Eric Auchard

FRANKFURT (Reuters) – A North Korean cyber espionage group previously known only for targeting South Korea’s government and private sector deepened its sophistication and hit further afield including in Japan and the Middle East in 2017, security researchers said on Tuesday.

Cyber attacks linked by experts to North Korea have targeted aerospace, telecommunications and financial companies in recent years, disrupting networks and businesses around the world. North Korea rejects accusations it has been involved in hacking.

U.S. cyber security firm FireEye said the state-connected Reaper hacking organization, which it dubbed APT37, had previously operated in the shadows of Lazarus Group, a better-known North Korean spying and cybercrime group widely blamed for the 2014 Sony Pictures and 2017 global WannaCry attacks.

APT37 had spied on South Korean targets since at least 2012 but has been observed to have expanded its scope and sophistication to hit targets in Japan, Vietnam and the Middle East only in the last year, FireEye said in a report.

The reappraisal came after researchers found that the spy group showed itself capable of rapidly exploiting multiple “zero-day” bugs – previously unknown software glitches that leave security firms no time to defend against attacks, John Hultquist, FireEye’s director of intelligence analysis said.

“Our concern is that their (international) brief may be expanding, along with their sophistication,” Hultquist said.

“We believe this is a big thing”.

APT37 has focused on covert intelligence gathering for North Korea, rather than destructive attacks or financial cyber crime, as Lazarus Group and other similar hacking groups have been shown to engage in order to raise funds for the regime, it said.

The group appears to be connected to attack groups previously described as ScarCruft by security researchers at Kaspersky and Group123 by Cisco’s Talos unit, FireEye said.

“We assess with high confidence that this activity is carried out on behalf of the North Korean government given malware development artefacts and targeting that aligns with North Korean state interests,” the security report said.

From 2014 until 2017, APT37 concentrated mainly on South Korean government, military, defense industrial organizations and the media sector, as well as targeting North Korean defectors and human rights groups, the report said.

Since last year, its focus has expanded to include an organization in Japan associated with the United Nations missions on human rights and sanctions against the regime and the director of a Vietnamese trade and transport firm.

Its spy targets included a Middle Eastern financial company as well as an unnamed mobile network operator, which FireEye said had provided mobile phone service in North Korea until business dealings with the government fell apart.

FireEye declined to name the firm involved, but Egypt’s Orascom <OTMT.CA> provided 3G phone service in the country via a joint venture from 2002 to 2015, until the North Korean regime seized control of the venture, according to media reports.

Asked for comment, a spokeswoman for Orascom said she had no immediate knowledge of the matter and was looking into it.

(Reporting by Eric Auchard, and Nadine Awadalla in Cairo, Editing by William Maclean)

TruNews: Charges In Massive Cyberattacks against JPMorgan Chase & Co

TRUNEWS – Prosecutors have announced criminal charges for three men accused of helping to run a series of hacking and fraud schemes, including an attack in 2014 against JPMorgan Chase & Co that generated hundreds of millions of dollars in illegal profit.

Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein are named in a 23-count indictment, the three are accused of crimes involving at least nine financial services companies and media outlets, as well as online casinos, payment processing for criminals, and an illegal bitcoin exchange.

A fourth man, Anthony Murgio, is also named in the bitcoin exchange scam.

The charges are the first to be connected to the attack on JPMorgan, in which 83 million customers had their personal data accessed; prosecutors are calling it the largest theft of customer data from a US financial institution.

Other companies who were affected include E Trade  Financial, which says it’s contacted some 31,000 customers who may have been affected.

JPMorgan says it continues to work with authorities in an effort to fight further cybercrimes.