South Africa targeted in North Korean cyber attack

South Africa was one of 17 countries hit by North Korean attackers to raise money for its weapons of mass destruction programmes, the Associated Press reported.

According to articles from the Associated Press and Reuters, members of the press have seen a report prepared for the UN Security Council which has not yet been published.

This Security Council report states that investigations are underway into at least 35 cases where North Koreans launched cyberattacks in 17 countries with the aim of raising funds.

In total, North Korea has reportedly raised up to $2 billion (R28.4 billion) through its cybercriminal activities.

South Korea, India, Bangladesh and Chile each reportedly suffered multiple attacks by North Korea.

One attack was reportedly suffered by thirteen countries: Costa Rica, Gambia, Guatemala, Kuwait, Liberia, Malaysia, Malta, Nigeria, Poland, Slovenia, South Africa, Tunisia, and Vietnam.

No details of the attack on South Africa are provided, but the report stated that there were three main methods North Korea used to raise cash:

• Attacks on the SWIFT system, which is typically used for cross-border money transfers between banks.
• Attacks on cryptocurrency exchanges and individual holders, where tokens were stolen.
• Mining of cryptocurrency.

The report stated that North Korea accessed bank infrastructure and employee computers to attack the SWIFT system, sending fraudulent messages and destroying evidence.

It also said that cryptojacking attacks were traced back to North Korea. It identified one instance where malware was used to mine Monero and send the mined tokens to servers at Kim Il Sung University in Pyongyang.

MyBroadband previously reported on the popular JavaScript add-on for websites that had been exploited to cause people’s computers to mine Monero.

In some instances, website operators such as The Pirate Bay knowingly placed the script on their webpages as an additional income stream. However, in many others cases sites were hacked and cryptojacking code injected in them.

This has culminated in an international investigation into cryptojacking in South Africa, with the Hawks assisting on the case.

MyBroadband also previously reported that the WannaCry ransomware attack which hit several South African companies, including Telkom, was linked to North Korean attackers.

Most recently, ZDNet reported that the US Department of Justice has formally charged a North Korean programmer for the WannaCry ransomware outbreak in addition to several other prominent cyber attacks.

It should be noted that although the US has linked WannaCry to North Korea, no mention of ransomware is made in the AP or Reuters articles on the report prepared for the UN Security Council regarding North Korea.

The Associated Press reported that the experts behind the unpublished report to the UN Security Council have called for increased sanctions — including the blocking of ships which provide petrol and diesel to North Korea.

Read: Massive WhatsApp security flaws could open your private messages to hackers