North Korean hackers tied to massive global theft

Photo caption: North Korean leader Kim Jong Un speaks on September 19, 2018 in Pyongyang, North Korea. Over the past several years, North Korea has continued to perfect its hacker armies. | Pyeongyang Press Corps/Pool/Getty Images

North Korean government hackers have made off with hundreds of millions of dollars by targeting financial institutions globally, then hiding their tracks with destructive cyberattacks, a cybersecurity firm said Wednesday.

The group dubbed APT38 by the company FireEye is also believed to have had a hand in the largest cyber-heist in history, the 2016 Bangladesh Bank theft of $81 million. In total, the hackers have been connected with attempts to steal more than $1 billion in 11 countries.


Over the past several years, North Korea has continued to perfect its hacker armies that have carried out some of the most devastating digital attacks around the world. Last month, the Justice Department unsealed charges against Park Jin Hyok for his part in the 2014 Sony Pictures hack as well as for aiding in the Bangladesh theft and the damaging WannaCry malware outbreak.

And despite signs of a break in the historically tense relations between Washington and Pyongyang, the charges against Park represent the first time U.S. authorities have publicly pointed the finger at North Korea as the culprit behind some of the most infamous cyberattacks ever.

The group FireEye identified appears to be one of North Korea's most dangerous — and effective — hacker assets that remains active. It has conducted attacks before, during and since the Trump administration's diplomatic outreach to Pyongyang.


"This is a very insidious group," said Sandra Joyce, vice president of global intelligence for FireEye. "It will destroy networks and steal millions and millions of dollars."

In one case, the hackers rendered 10,000 workstations and servers completely inoperable, according to the firm.

APT38 is part of the Lazarus Group, a broader North Korean-linked hacking group, that focuses on financial gain, according to FireEye. It's known for its cunning and ability to escape detection until it can escape a victim's network with a payload. It hid in victims' networks for an average of 115 days.

FireEye has spoken with law enforcement officials around the globe about the group.


