N Korean hacker group tied to attacks on banks

An elite group of North Korean hackers has been identified as the source of a wave of cyberattacks on global banks that has netted “hundreds of millions” of dollars, security researchers said yesterday. A report by the cybersecurity firm FireEye said the newly identified group dubbed APT38 is distinct from but linked to other North Korean hacking operations, and has the mission of raising funds for the isolated Pyongyang regime.

FireEye researchers said APT38 is one of several hacking cells within an umbrella group known as “Lazarus,” but with unique skills and tools that have helped it carry out some of the world’s largest cyber heists. “They are a cybercriminal group with the skills of a cyberespionage campaign,” said Sandra Joyce, FireEye’s vice president of intelligence, in a briefing with journalists in Washington.

Joyce said one of the characteristics of APT38 is that it takes several months, sometimes nearly two years, to penetrate and learn the workings of its targets before its attacks, which have sought to illegally transfer more than $1 billion from victimized banks. “They take their time to learn the intricacies of the organization,” Joyce said.

Once they succeed, she added, “they deploy destructive malware on their way out” to hide their traces and make it more difficult for victims to find out what happened.