A state-sponsored hacking group in North Korea is coordinating a massive espionage campaign against banks and other institutions worldwide, according to a detailed report by the cybersecurity firm FireEye.
North Korean cyber attacks against the United States and elsewhere have been widely reported over the years, but the FireEye report suggests the problem is bigger than authorities previously disclosed and links the attacks to one particular group named APT 38. The attackers have attempted to steal over $1 billion from banks that include Banco de Chile, Bancomext, Bangladesh Bank and Vietnam TP Bank over the past two years, the report says, as well as from cryptocurrency markets in the United States.
APT 38 has also targeted financial journalism publications and other institutions based in the United States, though the report does not name all of the the specific entities that were targeted
“We judge that APT38's primary mission is targeting financial institutions and manipulating inter-bank financial systems to raise large sums of money for the North Korean regime,” the report says.
While the operation may be sophisticated, some of the hacking tactics that the attackers have used sound strikingly similar to everyday hacks. In 2015, an account with the email firstname.lastname@example.org sent spear-phishing emails to a U.S. defense contractor -- yet another reminder to be wary of unfamiliar email addresses, particularly if you work in an industry that deals with the federal government or banks.
The report comes only a month after the Department of Justice charged two North Korean citizens for their alleged role in the 2014 hack on Sony Pictures and the more recent $81 million cyber theft from Bangladesh Bank.
Facebook faces fines
European regulators generally take data security much more seriously than regulators do in the United States, and that spells fresh trouble for Facebook.
The social media giant last Friday said that 50 million user accounts were affected by a “security issue” that allowed hackers to take over people's accounts. Facebook claims that they notified law enforcement immediately and have asked a total of 90 million users to reset their passwords as a “precautionary step.”
A Facebook executive said there is “no evidence” that third-party apps were accessed in the attack.
Regulators would prefer not to take Facebook’s word for it. The Irish Data Protection Commission, the lead privacy regulator for all of Europe, said it is investigating whether Facebook has actually followed the EU’s data protection laws. The agency may fine Facebook up to $1.6 billion.
Speaking of hacks tied to testy international relations, the DOJ on Thursday charged seven Russian intelligence officials with computer hacking, wire fraud, aggravated identity theft, and money laundering. The agency says that the officials targeted 250 athletes and anti-doping agencies across the world as retaliation for Russia's suspension from the International Olympic Committee in December.
In Pyongyang last year, clean Russian athletes could still compete in the games, but they had to compete as “neutral” athletes who were not officially representing their country.
A burger chain with stores across Oregon and Washington admitted Thursday that hackers stole customer credit card data over the course of a year.
Burgerville says that it initially thought the attack was a “brief intrusion” but only discovered recently that customers’ full credit card information was accessed. The chain says it still does not know how many people are affected.
"This was a sophisticated attack in which the hackers effectively concealed all digital traces of where they have been," Burgerville said.
Shortly after the announcement, a consumer filed a class-action lawsuit blaming weak security protections for the attack. As of now, the chain says that anyone who denied at the restaurant from September 2017 through September 2018 could be affected.
Nearly 19,000 employees of Toyota Industries, the car brand’s parent company, in Indiana were told by the company that an unknown third party accessed the corporate email system and possibly their healthcare information.
Affected employees are reportedly being offered one year of free credit monitoring in exchange for a breach in which their social security numbers, social security cards, home addresses, and more may have been exposed.
At the same time, Toyota Industries is also downplaying the threat, telling employees that they are “not aware of any misuse of personal information” and that Toyota Industries has “no evidence that this data was removed from its systems.”