North Korea tried earlier this week to hack into the systems of an Israeli company that operates in the cryptocurrency field and to siphon money that Pyongyang planned to use for its nuclear program, N12 reported on Monday.
The hacking attempt was carried out by North Koreans posing as the company's Japanese supplier. The intrusion attempt was quickly detected by personnel of the cyber-security company "Konfidas," which managed to stop the hack.
Authorities said that the attempt was professional and sophisticated and that unfamiliar cyber tools were used - something that caught the attention of relevant authorities in Israel.
"These attacks don't happen overnight. The pattern of operation of most attacks is that in the first step, you have a conversation with a person on the other side, who gains your trust, then they send a malicious file that contains the virus that is destined to reach the computer, and from the moment it reaches the computer, they start spreading on the network to reach financial assets or information they need and then do what they want," CEO of Konfidas Ram Levy told 103FM on Tuesday.
Penetrating the systems of financial institutions and employing hackers are known practices of North Korea, which almost brought down the Central Bank of Bangladesh in this way. In Israel, this was only an initial attempt, which ended without success.
"Ransom demands usually occur in economic attacks; those who are behind them are criminals and they intend to steal information and ask for a ransom in exchange for not publishing the information and releasing the systems," Levy said. "In this case, the North Korean modus operandi is a pattern in which they simply spy, steal money and disappear. There is no interaction with the user except that he has to open the malicious files with which you take over the systems."
North Korean hacking patterns
North Korean hackers are thought to be behind the theft of as much as $100m in cryptocurrency from a US company in June, as the regime steps up attempts to secure funding for its nuclear and ballistic missile programs, according to The Guardian.
The assets were stolen from "Horizon Bridge," a service operated by the Harmony blockchain that allows assets to be transferred to other blockchains, three digital investigative firms have concluded.
Activity by the hackers since the theft suggests they may be linked to North Korea – believed to be highly active in the field of offensive cyber penetration.
The style of attack and high velocity of structured payments to a mixer – used to obscure the origin of funds – is similar to previous attacks that were attributed to North Korea-linked actors, according to Chainalysis, a blockchain firm working with Harmony to investigate the attack.