North Korea’s state-sponsored hacking groups have carried out major cyberattacks in recent years. Their campaigns target financial institutions, the public sector and governments, while evading international law and accountability.

WazirX attack: North Korean hacking group Lazarus stole 230 million USD.
Cyber warfare: North Korea uses cyber attacks as an economic and political weapon.
Hacking Techniques: Phishing, malware, and targeting developers.
WazirX hack case
In 2024, India’s leading cryptocurrency exchange WazirX suffered a cyber attack, in which more than USD 230 million worth of cryptocurrencies were stolen. A joint statement from Japan, the US and South Korea confirmed that the attack was carried out by North Korea’s Lazarus Group.
How does North Korea’s cyber program work?
North Korean hacking groups are not ordinary cybercriminals. According to American cyber security firm Mandiant, these groups work under the Reconnaissance General Bureau (RGB). The RGB, which is part of North Korea’s military, operates under the leadership of Supreme Leader Kim Jong-un.
Institutions
Reconnaissance General Bureau (RGB)
Performs covert operations and intelligence gathering.
It consists of six bureaus responsible for surveillance, foreign intelligence, technology, and support.
United Front Department (UFD)
It is responsible for spreading propaganda in South Korea and undermining its political interests. It broadcasts pro-DPRK propaganda using an “online army” of cyber trolls.
Ministry of State Security
Promotes strategic military, political and economic interests by gathering covert intelligence.
Hacking Techniques and Strategies
North Korean hacking campaigns are renowned for their deception and persistence. These groups use techniques such as phishing, malware, and targeting cryptocurrency exchanges.
Main Strategies
Targeting developers
Developers are lured with fake job offers on platforms like LinkedIn and GitHub.
Through these offers, the attackers persuade developers to download files that contain dangerous malware.
Fake Software Kit
According to *Google Threat Analysis Group*, fake software and phishing schemes were carried out under campaigns like “Operation Dream Job” and “Operation AppleJeus”.
Cryptocurrency Theft
According to reports, North Korean hacking groups have stolen more than USD 2 billion worth of cryptocurrencies in recent years.
The stolen money is laundered through fake accounts and middlemen.
Major Hacking Groups
Several hacking groups operate under the RGB. Some of the prominent ones are:
1. Alluring Pisces (Lazarus): Targets financial institutions.
2. Gleaming Pisces: Cryptocurrency-focused operation.
3. Jumpy Pisces: Cyber espionage and ransomware.
4. Selective Pisces: Targets media, defense and IT sectors.
5. Sparkling Pisces: Expert in intelligence gathering and raising funds for cyber crimes.
Major cyber attacks
- Sony Pictures Hack: Sensitive data leaked.
- Bangladesh Bank Heist: 81 million USD stolen from Bangladesh Bank.
- WannaCry Ransomware: Global cyber attacks.
- India’s Kudankulam Nuclear Power Plant: Sensitive nuclear data stolen in 2019.