New North Korean Ransomware Threat to ‘Major Institutions’ Detected, Say South Korea, US
South Korean and United States intelligence agencies have warned that Pyongyang-based hackers are trying to hit “major international institutions” with ransomware attacks. But experts say that “overlapping sanctions” could help Seoul and Washington thwart North Korean cyber thieves.
Per the South Korean media outlets SBS and New Daily, the Seoul-based National Intelligence Service (NIS) warned that North Korea was “trying to steal virtual assets” by “distributing ransomware to major institutions located all around the world.”
The NIS made its announcement in conjunction with the US National Security Agency (NSA) and the Federal Bureau of Investigation (FBI). The move marks the first time that the US and South Korean intelligence agencies have issued a joint security advisory.
The NIS claims that North Korea-linked hacking organizations are now taking aim at the computer networks of “major institutions.” They claimed the North is targeting a variety of fields, including the health and medical care sectors.
The security agency claimed that hackers were making use of virtual private networks (VPNs). It also said the North was using “fake websites” and social media accounts.
Experts claimed that a coordinated response could help stop hackers in their tracks. Asia Kyungjae quoted Lim Jong-in, a professor at the Graduate School of Information Security at Korea University, as stating:
“If we use overlapping sanctions in cooperation with the United States, it will likely become more difficult for Pyongyang to launder the funds it hacks.”
Lim added that a new sanctions regime of this type would likely deter Chinese banks and other firms in the nation from cooperating with North Korea.
The professor said:
“[The threat of overlapping sanctions] would make it unlikely that Chinese financial institutions would risk helping North Korean hackers launder funds.”
‘Major’ Health Institutions Under Threat from North Korean Ransomware Hackers?
Officials believe Pyongyang is gearing up for major crypto-powered ransomware attacks on large healthcare providers. And they say the North is using its previous successes as a springboard.
Chosun reported that security officials believe that North Korean hackers were behind “successive security breaches” at two of South Korea’s leading hospitals in 2021. Seoul National University Hospital and Seoul St. Mary's Hospital both suffered serious breaches in the summer of 2021.
In December 2020, North Korean hackers were also blamed for an attempted attack on the health networks of South Korea’s prestigious Yonsei University.
Previous reports have claimed that Kimsuki, a group of hackers thought to work under the umbrella of the North Korean Reconnaissance General Bureau, masterminded the attacks.
Security experts have claimed that hackers use innocent-looking tools disguised to look like standard Microsoft Office files to spread malicious code. In recent months, Pyongyang has also been accused of running fake, virus-infested crypto exchanges.