Suspects arrested in South Korea ATM hacking probe 'aided by North Korean'

Four individuals have been arrested by South Korean police for allegedly making a series of transactions using financial details hijacked from local ATMs by suspected North Korean hackers, according to Yonhap, the country's primary state news outlet.

This week (6 September), police reportedly detained three South Koreans and one Korean-Chinese national who are believed to have played a role in the scheme. Currently, the only personal details to emerge is that one suspect is a 29-year-old man with the surname "Cho".

Yonhap said the four individuals are suspected of purchasing more than 230,000 stolen financial records.

Police said a suspect claimed the data was bought via a "middle-man", but originated from a North Korean.

The scheme involved making illegal transactions, taking out illicit loans and the creation of cloned credit cards, police said during a press conference.

Officials said the amount of money netted in the scheme was 102.6 million won (£69,250, $90,370).

Investigators pledged to track down both the data broker and "another Korean man" involved in the scheme. Law enforcement has requested help from international agencies, state media added.

In March 2017, Yonhap said police launched an investigation after more than 60 ATMs were hacked.

The probe allegedly uncovered evidence that the malware in the hack was similar to a strain previously used to target the South Korean government last year.

In June 2016, North Korea was accused of hacking into more than 140,000 computers used by South Korea's government in order to plant malware. In December last year, it was named as the likely culprit in a massive cyberattack on the South's military Cyber Command.

Hackers linked to the Kim Jong-un's regime have been known to target ATMs and some security experts have said its actions more resemble an "organised crime ring" than a sophisticated group.

One of its most notorious hacking units is dubbed "Lazarus".

In July, South Korea's Financial Security Institute (FSI) released a report detailing how the North's hackers often appear to partake in low-level criminal activity, including planting malware on ATMs in order to hijack financial details and sell them on in the black markets.

As noted by The Wall Street Journal, the report said that North Korea's hackers have been known to sell financial data to people in "Taiwan, China and Thailand". In the past year, the reclusive nation has been linked to the Bangladesh Central Bank heist and the global WannaCry outbreak.