- The Washington Times - Tuesday, April 4, 2017

A “direct link” has been identified between North Korea and an advanced hacking group known as Lazarus, cybersecurity researchers said Monday, bolstering allegations surrounding Pyongyang’s involvement in a slew of global bank heists.

While speculation has swelled for months involving North Korea’s purported role in a hacking scheme that resulted in $81 million being stolen last year from the Bangladesh central bank, Russia’s Kaspersky Labs on Monday said its found forensic evidence potentially linking one to the other.

In a statement Monday, Kaspersky said a research partner came across the possible link while conducting a forensic analysis of a computer server used by a Lazarus subgroup known as Bluenoroff to command and control cyberattacks.


TOP STORIES
Michael Bloomberg says his live-in girlfriend would be 'de facto first lady' if he wins election
Evangelist Franklin Graham calls impeachment hearing 'a day of shame for America'
Rush Limbaugh producer 'Bo Snerdley' founds new PAC for black conservatives


Lazarus and Bluenoroff hackers typically masked their attacks by routing their internet traffic through proxy servers located in various parts of the world, Kaspersky reported. In one instance in January, however, a hacker connected to the group’s command-and-control server from a particularly unusual IP address originating in North Korea, according to Kaspersky.

The hacker appeared to have install a memory-intensive application on the server that subsequently caused it to crash, likely prompting the hacker to abort their operation without properly wiping away any evidence of their activities, Kaspersky concluded.



Though the connection far from definitively connects North Korea to the spree of global banking hacks, Kaspersky suggested the latest clue is the best evidence to emerge yet to support of the theory, lending credence to conclusions reached separately by competing researchers.

“This is the first time we have seen a direct link between Bluenoroff and North Korea,” Kaspersky Lab’s Global Research’s Analysis Team wrote in a blog post Monday.

North Korea is a very important part of this equation,” Vitaly Kamluk, the head of Kaspersky’s Asia-Pacific research team, told CNN.

In addition to last year’s last years’s Bangladeshi bank hack, cybersecurity researchers have previously linked the so-called Lazarus Groups to the 2014 cyberattack against Sony Pictures Entertainment, in addition to other high-profile intrusions.

Kaspersky declined to definitively link Lazarus to North Korea, but the firm suggested the sophistication of its cyberattacks on par with other nation states.

“This level of sophistication is something that is not generally found in the cybercriminal world. It’s something that requires strict organization and control at all stages of operation,” Kaspersky said.

Sign up for Daily Newsletters

Manage Newsletters

Copyright © 2019 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.

 

Click to Read More and View Comments

Click to Hide