North Korea is known to be starved of Foreign funds due to UN sanctions. Provoked by this North Korea carried out a $13.5 million cyber heist of Cosmos Bank using a network across 28 countries by breaking its internal safety measures, according to the world body.
The Security Council’s panel of experts monitored the sanctions on North Korea said that the cyberattack in last year August was performed “by an advanced and highly skillful persistent threat group”.
The report by the panel of experts which was headed by Hugh Griffiths was released earlier this month by Council President Francois Delattre said, “In August 2018, about $13.5 million was withdrawn from Cosmos Bank in India in more than 14,000 simultaneous automatic teller machine (ATM) withdrawals in 28 countries, as well as in additional transfers to an account belonging to a Hong Kong-based company.”
“The Cosmos attack was a more advanced, well-planned and highly coordinated operation that bypassed three main layers of defense contained in International Criminal Police Organization (INTERPOL) banking/ATM attack mitigation guidance,” the report said.
Outlining the North Korean tactic, it said, “Not only were the actors able to compromise the SWIFT network in the Cosmos case to transfer the funds to other accounts, but they simultaneously compromised internal bank processes to bypass transaction verification procedures and order worldwide transfers to almost 30 countries where funds were physically withdrawn by individuals in more than 10,000 separate transactions over a weekend.”
SWIFT, which stands for Society for Worldwide Interbank Financial Transaction code, identifies banks for international financial transactions.
The transfers to the Hong Kong-based company’s account were made using SWIFT, the report said.
The report quoted a UN member country as saying that North Korea was using cyberspace for undercover operations “to acquire funds through a variety of measures in order to circumvent the sanctions”.
The US has charged North Korean hacker Park Jin Hyok, who was a member of the hacking organization known as the Lazarus Group and is also linked to North Korea’s Reconnaissance General Bureau, according to the UN report.
He is charged with engaging in “wide-ranging, multi-year conspiracy to conduct computer intrusions and commit wire fraud” on behalf of North Korea.
The report said that according to the US, Park “has traveled to China in the past and conducted legitimate IT (information technology) work under the front company ‘Chosun Expo’ or the Korean Expo Joint Venture”.
The report said that Park and his associates were also responsible for “fraudulent transfer of $81 million from Bangladesh Bank,” according to the US.
Banco de Chile was also targeted and lost $10 million, the report said.