Financial Institutions in the US and East Asia Hacked by Suspected North Korean Hackers

There are fresh worries that North Korea’s army of hackers is attacking financial institutions to support the Pyongyang dictatorship and perhaps finance its weapons development projects.

According to a report released on Tuesday by the cybersecurity company Recorded Future, North Korean-aligned actors have been impersonating well-known financial institutions in Japan, Vietnam, and the United States, sending emails and documents that, if opened, could give the hackers access to crucial systems.

According to the research from Recorded Future’s Insikt Group, “the targeting of investment banking and venture capital businesses may disclose sensitive or secret information of these entities or their clients.”

It warned that such exposure “[could] lead to legal or regulatory action, damage ongoing commercial discussions or agreements, or reveal information harmful to the company’s strategic investment portfolio.”

According to the research, the most recent flurry of activity used more than 20 domain names, three new internet addresses, and two older ones between September 2022 and March 2023.

Some of the domains mimicked those used by the financial firms that were the target.

Recorded Future identified Threat Activity Group 71 (TAG-71), also known as APT38, Bluenoroff, Stardust Chollima, and the Lazarus Group, as the perpetrator of the assaults.

The U.S. imposed sanctions on three members of the Lazarus Group in April after accusing them of assisting North Korea in the conversion of stolen virtual currency into cash.

Just last month, U.S. Treasury authorities imposed new restrictions on North Korea’s Technical Reconnaissance Bureau, which creates the instruments and activities that the Lazarus Group uses.

The Lazarus Group is thought to be behind the largest virtual currency heist to date, taking over $620 million in connection with a well-known online game called Match 2022.

In a continuous effort to gather information, North Korean cyber actors have been posing as think tanks, universities, and journalists, according to a warning issued earlier this month by U.S. and South Korean agencies.
