It looks increasingly likely that the massive attack on the Bangladesh Central Bank via the Swift payment transfer system just over a year ago was the work of state-sponsored North Korean hackers – or ‘information soldiers’ as they are known in Pyongyang.
While in this instance they ‘only’ managed to scoop $81m of their targeted £900m, North Korea’s cyber army is viewed as an increasingly sophisticated international threat – preying on banks, finance and trading companies, casinos and crypto-currency firms. And whilst not all of its operations are quite as successful as the Swift/Bangladesh Central Bank one, the group continually manages to steal millions of dollars across its numerous attacks.
The hackers, code-named Lazarus, have also been linked to previous attacks on Sony Pictures and Polish banks. In the UK, BAE Systems estimates that Lazarus has targeted at least seven British banks, alongside many more in the US, Poland and Mexico. Its toolkit is believed to be extensive and varied, giving it the potential to deliver malicious tools, exfiltrate data and launch destructive attacks. A crucial identifier of its operations is the ability to completely wipe disks, making its attacks all the more damaging – and the tracing of its activities more difficult.