N. Korean hackers switch focus to money

North Korean leader Kim Jong Un visiting war graves on the 64th anniversary of the armistice which ended the Korean War. Pyongyang has trained a large army of hackers, originally as an inexpensive means of espionage, sabotage and propaganda, but now also as a moneymaker. PHOTO: REUTERS

Report by Seoul-backed body details cases of digital theft targeting banks, big business

SEOUL • North Korea's state-sponsored hackers are increasingly going after money rather than secrets, according to a report by a South Korean government-backed institute.

Formerly, most such attacks appeared intended to cause social disruption or purloin secret data, and the targets were generally the computer networks of government agencies or media companies in countries it saw as hostile.

The best-known example was a 2014 attack on computers at Sony Pictures Entertainment.

That kind of attack is still occurring, but in the past few years, North Korean hackers seem to have become more interested in cash, the Financial Security Institute said in its report on Thursday.

It said North Korean-linked hackers were behind the digital theft of US$81 million (S$110 million) from Bangladesh's central bank last year. The North Koreans also tried to breach Polish banks, leaving traces that led anti-hacking experts to believe the hacking group also planned to steal money from more than 100 other organisations around the world.

North Korea is isolated, impoverished and desperately short of foreign currency to pay for imports. Even so, it has trained a large army of hackers, originally as an inexpensive means of espionage, sabotage and propaganda, but now also as a moneymaker.

Russian cyber security firm Kaspersky Lab has identified a hacking group called Bluenoroff that it says is to blame for attacks on foreign financial institutions, like those in Poland and Bangladesh. Bluenoroff is said to be an offshoot of Lazarus, the North Korea-linked hacking group implicated in earlier hits.

  • Money-minded

  • Examples of North Korea's cash hacking operations:

    • US$81 million (S$110 million) cyber heist at the Bangladesh central bank last year

    • At least seven hacking attacks on banks, defence contractors and other businesses in South Korea over the past two years

    • Stealing bank-card data and using it to draw cash from bank customers' accounts or selling the data on the black market

    • Using malware to hack into online poker and other gambling sites

The new report identified another Lazarus spin-off, which it named Andariel, and said it was behind at least seven hacking attacks on banks, defence contractors and other businesses in South Korea over the past two years.

"Bluenoroff and Andariel share a common root," the report said. "If Bluenoroff has attacked financial firms around the world, Andariel focuses on businesses and government agencies in South Korea." The report also said the Andariel group had increasingly shifted from destructive attacks on computer networks to crimes like stealing bank-card data and using it to draw cash from bank customers' accounts or selling the data on the black market. "Andariel is believed to focus on earning hard currency," it said.

The Financial Security Institute said the report was partly conjectural and did not represent an official South Korean view.

NYTIMES

A version of this article appeared in the print edition of The Straits Times on July 29, 2017, with the headline 'N. Korean hackers switch focus to money'.