Cyberattacks orchestrated by North Korean hackers are reportedly financially motivated. Pyongyang's state-backed hackers are increasingly targeting global financial institutions to steal money for the impoverished reclusive nation.
Experts say that the hackers have reportedly targeted, bank accounts, ATMs and online poker, all in efforts to make money as North Korea grapples with international sanctions to disrupt its nuclear weapons program.
Pyongyang has previously been suspected of orchestrating the Bangladesh Bank heist, which saw $81m stolen. Security experts link the theft to a hacker group called Lazarus, which in turn was found to be tied to North Korea. According to a report by South Korea's Financial Security Institute (FSI), two hacker groups, named Bluenoroff, first detected by Kaspersky Lab and Andariel, believed to be offshoots of Lazarus, have been attacking South Korean and international organisations, Reuters reported.
"Bluenoroff and Andariel share their common root, but they have different targets and motives," FSI said it its report. "Andariel focuses on attacking South Korean businesses and government agencies using methods tailored for the country."
Experts believe that over the last two years, Andariel hackers attacked at least seven attacks on South Korean banks, defence contractors and other businesses. Experts say that these attacks mark a major shift in motives of North Korean hackers, indicating that money, not cyberespionage is the new goal.
"We've seen an increasing trend of North Korea using its cyber espionage capabilities for financial gain. With the pressure from sanctions and the price growth in cryptocurrencies like Bitcoin and Ethereum - these exchanges likely present an attractive target," said Luke McNamara, senior analyst at FireEye, a cybersecurity company.
The Andariel hacker group, which experts believe has been active since 2016, has also reportedly been found hacking ATMs, selling bank information on underground black markets and attacking online poker and gambling sites.
The New York Times reported that Pyongyang is now estimated to have a 1,700 strong cyber army, according to South Korean officials. Experts believe that some of North Korea's hackers are also located abroad, employed as IT professionals in China, Southeast Asia and Europe, while awaiting instructions from the Kim Jong-un led regime to mount attacks.