
north korean hackers

December 23, 2021

The World’s Top Hacking Groups – Part 1

Click here to read Part 2 of AXEL’s blog on the world’s top hacking groups

Ever since the invention of computers, there have been hackers. However, in the early history of computers, “hackers” weren’t seen as shadowy, havoc-wreaking figures, but simply as enthusiasts. These early hackers tinkered with computers, and ended up creating some of the earliest computer programs. But as computers rapidly gained popularity in the 1980s, cybersecurity cracks were starting to show, and skilled individuals took advantage. In 1989, Joseph Popp created the first ransomware device: A floppy disk sent to world health professionals disguised as medical research. When inserted, the disk locked the user’s computer, and demanded the victim mail $189 to a PO Box in Panama [1]. 

While this early example of hacking is easy to understand, modern hacking and ransomware are far more complicated, not just from a technological standpoint, but from an organizational standpoint as well. Gone are the days of individual, hoodie-clad loners furiously typing on their computers in the dark. Today, the people who carry out the world’s worst hacks are part of hacking groups. After all, hackers are smart, and realize that they can do more damage working together, rather than alone. Most of the world’s worst hacks have occurred at the hands of a few hacking organizations, committed to causing chaos around the globe.

These groups have the money and manpower to cause digital devastation on a global scale:

Bureau 121 & Lazarus

North Korea has long been a mysterious, yet aggressive nation, and its state-sponsored hacking group is no exception. Although not much is known about Bureau 121, cybersecurity experts have tied the group to the North Korean government. However, because of the country’s poor infrastructure, experts believe that Bureau 121 plans and executes its operations in Shenyang, China, a city just 100 miles from the North Korean border [2]. The organization mostly targets South Korean businesses, unsurprisingly. One of its biggest attacks was a ransomware attack on South Korea’s Hydro & Nuclear Power Company, resulting in a massive data breach.

While North Korean hackers mostly focus on their South Korean neighbors, they gained worldwide notoriety when Lazarus Group, an affiliate of Bureau 121, attacked Sony Pictures. First, the group leaked thousands of emails between Sony Pictures executives, and leaked unannounced, upcoming films from the studio. More concerningly, the group threatened to commit acts of terrorism at movie theaters unless Sony’s film “The Interview,” a comedy whose plot includes the assassination of Kim Jong-Un, North Korea’s leader, was pulled from theaters [3]. The United States quickly tied the hack to North Korea, but because of the countries’ icy relationship, no arrests have been made.

Syrian Electronic Army

The Syrian Electronic Army (SEA) was formed during the Arab Spring, a series of anti-government protests and uprisings in the Middle East in the early 2010s. It was created to protect controversial Syrian President Bashar al-Assad from Syrian dissidents during the widespread protests [4]. Interestingly, cybersecurity experts are unsure if the group is sponsored by the Syrian government, or is simply a group of pro-Assad hackers [5]. In either case, the SEA is a vehemently pro-Assad organization that has two goals: Punish media organizations that are critical of Assad, and spread Syria’s state-sponsored narrative [4].

One of the SEA’s most famous hacks occurred in 2013, when the group hacked into the Associated Press’ Twitter account and falsely reported that then-President Obama was injured in an explosion at the White House [6]. This single Tweet caused stocks to plummet, highlighting just how much damage can be caused by hackers thousands of miles away. In addition to this notable AP hack, the SEA has hacked Western media organizations, including Facebook, Microsoft, and The New York Times.

Fancy Bear

Although this group may have a cuddly name, its actions are anything but soft. Cybersecurity experts widely believe Fancy Bear to be a Russian-sponsored hacking group responsible for a variety of hacks to advance Russian interests [7]. The group has committed attacks on Germany’s Parliament, French President Emmanuel Macron, and a variety of other Western governments [8]. The group typically uses well-disguised phishing emails to gain access to restricted information.

Fancy Bear used this strategy to pull off its most daring, consequential hack: an attack that leaked thousands of Democratic National Committee (DNC) emails in 2016 [9]. The cyberattack resulted in the public reveal of thousands of DNC emails, many of which were seen as controversial or simply embarrassing. While many countries spy on others during elections, this was one of the first times a foreign country was able to successfully meddle in a United States election. Although it’s impossible to determine if the 2016 Presidential election would have been different if Fancy Bear didn’t commit the attack, this hack showed how valuable, and devastating, cyberattacks can be before elections.

Anonymous

Perhaps the most famous hacking organization in the world, Anonymous is unlike any other group. Anonymous is decentralized, with no leader or physical hub. While this may sound like a disadvantage, this structure ensures that the group can continue its activities even if members drop out or are apprehended. Anonymous is a “hacktivist” group, and does not have specific goals or enemies. However, Anonymous certainly has a broad aspiration to promote freedom of speech and diminish government control [10].

Anonymous gained notoriety during its 2008 cyberattacks on the Church of Scientology, when the group managed to shut down the Church’s website. Following this attack, the organization gained popularity around the world, expanding the group’s hacking capabilities (and potential targets). The group targeted Tunisia’s government during the Arab Spring protests, Visa and MasterCard for declining to do business with WikiLeaks, and Bank of America for its shady mortgage practices [11].

Since 2008, Anonymous has continued to attack governments and organizations that break the group’s core beliefs. However, the long-term impact of these attacks is often negligible. Anonymous’s main strategy is a distributed denial of service (DDoS) attack. While DDoS attacks are successful in shutting down websites and gaining notoriety, once the website is back up, there are few long-term effects of Anonymous’s involvement. So although Anonymous is one of the most notorious hacking collectives in the world, more organized groups are able to cause greater long-term effects with their cyberattacks.

About AXEL

Hacking groups aren’t going away any time soon. That’s why data security and user privacy remain as important as ever. At AXEL we believe that privacy is a human right, and that your information deserves the best protection. That’s why we created AXEL Go. AXEL Go uses 256-bit encryption, blockchain technology and decentralized servers to ensure it’s the best file transfer software on the market. Whether you need cloud video storage or cloud file management, AXEL Go is the secure file hosting solution. If you’re ready to try the best file sharing app for PC and mobile devices, try two free weeks of AXEL Go here.

[1] Kelly, Samantha Murphy. “The Bizarre Story of the Inventor of Ransomware.” CNN. Cable News Network, May 16, 2021. https://www.cnn.com/2021/05/16/tech/ransomware-joseph-popp/index.html

[2] Lee, Dave. “Bureau 121: How Good Are Kim Jong-Un’s Elite Hackers?” BBC News. BBC, May 29, 2015. https://www.bbc.com/news/technology-32925503

[3] VanDerWerff, Emily, and Timothy Lee. “The 2014 Sony Hacks, Explained.” Vox. Vox, January 20, 2015. https://www.vox.com/2015/1/20/18089084/sony-hack-north-korea

[4] Harding, Luke, and Charles Arthur. “Syrian Electronic Army: Assad’s Cyber Warriors.” The Guardian. Guardian News and Media, April 30, 2013. https://www.theguardian.com/technology/2013/apr/29/hacking-guardian-syria-background

[5] Perlroth, Nicole. “Hunting for Syrian Hackers’ Chain of Command.” The New York Times. The New York Times, May 17, 2013. https://www.nytimes.com/2013/05/18/technology/financial-times-site-is-hacked.html?pagewanted=all&_r=0

[6] Moore, Heidi, and Dan Roberts. “AP Twitter Hack Causes Panic on Wall Street and Sends Dow Plunging.” The Guardian. Guardian News and Media, April 23, 2013. https://www.theguardian.com/business/2013/apr/23/ap-tweet-hack-wall-street-freefall

[7] O’Flaherty, Kate. “Midterm Election Hacking — Who Is Fancy Bear?” Forbes. Forbes Magazine, August 23, 2018. https://www.forbes.com/sites/kateoflahertyuk/2018/08/23/midterm-election-hacking-who-is-fancy-bear/?sh=5bccc7aa2325

[8] Hern, Alex. “Macron Hackers Linked to Russian-Affiliated Group behind US Attack.” The Guardian. Guardian News and Media, May 8, 2017. https://www.theguardian.com/world/2017/may/08/macron-hackers-linked-to-russian-affiliated-group-behind-us-attack

[9] Frenkel, Sheera. “Meet Fancy Bear, the Russian Group Hacking the US Election.” BuzzFeed News. BuzzFeed News, October 15, 2016. https://www.buzzfeednews.com/article/sheerafrenkel/meet-fancy-bear-the-russian-group-hacking-the-us-election

[10] Sands, Geneva. “What to Know About the Worldwide Hacker Group ‘Anonymous.’” ABC News. ABC News Network, March 19, 2016. https://abcnews.go.com/US/worldwide-hacker-group-anonymous/story?id=37761302

[11] “The 10 Craziest Hacks Done by Anonymous.” Complex. Complex, May 31, 2020. https://www.complex.com/pop-culture/2011/08/the-10-craziest-anonymous-hacks/


December 4, 2020

A Look into North Korea’s Legion of Cyber Criminals

When it comes to infamous hacker gangs, Russian ones seem to garner the most attention. However, North Korea’s state-sponsored group is just as formidable. Here, we attempt to break down the rogue nation’s cyber army and see how it operates.

Bureau 121

The Reconnaissance General Bureau (RGB) of North Korea is the country’s intelligence agency, consisting of six different “bureaus.” Formed in 1998, Bureau 121 is the cyber warfare sector of the RGB. According to an intelligence report from the United States Army, this branch consists of four subgroups[1]. These include:

The Andariel Group: Andariel members assess targeted computer systems and identify vulnerabilities to use in future attacks.

The Bluenoroff Group: This group focuses on financial crime. Cyber theft is one of North Korea’s biggest revenue streams.

Electronic Warfare Jamming Regiment: They are in charge of jamming enemy computer systems during actual, on-the-ground war scenarios.

The Lazarus Group: The most notorious part of Bureau 121, the Lazarus Group is an agent of social chaos. They infiltrate networks and deliver malicious payloads.

The Lazarus Group is often synonymous with the other three units, especially the financial crime division. It is unknown how many individuals comprise Bureau 121, but it is estimated to be thousands. Members often reside in other countries like Russia, China, Belarus, India, and Malaysia. This helps obscure the true origin of attacks and provides more robust electronic infrastructure to the malicious agents. Due to worldwide economic sanctions and a generally low industrial capacity, North Korea itself does not have access to the resources necessary to carry out large attacks.

An elite organization

North Korea’s internal policies and actions are opaque to the international community. However, defector testimony claims that the nation’s top computer science students from the University in Pyongyang make up Bureau 121. These talented hackers then enjoy special privileges in North Korean society[2]. Instead of rundown tenements or rural farmhouses, they receive relatively posh (by North Korean standards) uptown apartments in the capital. With these kinds of unheard-of perks, it’s no wonder that people desire the positions.

Significant revenue generation

North Korea’s illicit digital activities replace a portion of what’s lost due to sanctions and flawed policies. In 2019, a United Nations report concluded that the rogue country gained $2 billion from cyberattacks[3]. Now, that sounds bad, but maybe it’s some sort of Robin Hood situation, where they steal from the rich to provide food and essentials for their ailing citizens? But no, the money actually went to their weapons division, specifically the nuclear weapons program. This makes North Korean hackers a threat to global security.

Notable attacks

2013 South Korea Cyberattack

In March 2013, North Korea unleashed a devastating cyberattack against their neighbors to the South. Utilizing the “DarkSeoul” malware, they infiltrated banking and media institutions throughout the country. Their top two television stations, the Korean Broadcasting System and MBC, suffered widespread computer issues but were able to stay on the air.

Popular banks such as the Shinhan Bank, Jeju, and NongHyup reported outages for their online banking and in-person services alike. Some even had their internal files erased. Luckily, they recovered most of the data from backups and restored operations within a few hours. Although resolved relatively quickly, it was still proof North Korea could cause chaos to their enemies.

The Sony hack

The November 2014 hack of Sony Pictures remains one of the most-publicized cyberattacks in history. It was a massive data breach that exposed a mountain of sensitive info. This ranged from personal information regarding employees and inter-office emails to plans for upcoming films, scripts, and complete cuts of then-unreleased movies.

If anyone doubted whether North Korea was responsible for the attack, it was all but verified when the hackers made their demands. The most adamant requirement was for Sony to nix the release of “The Interview.” For the readers out there unfamiliar with the intricacies of the Seth Rogen/James Franco buddy comedy genre, The Interview starred the famous duo attempting to assassinate the Supreme Leader of North Korea, Kim Jong Un. In the face of the hack, and under threats of terrorism by the attackers, Sony pulled the movie from theaters and released it online only.

The Sony hack was a huge deal. It led the United States to bring formal charges against North Korea and increased tensions to the point that the relationship has never really recovered.

WannaCry ransomware

WannaCry is another extremely high-profile cybersecurity incident. In May of 2017, using a Microsoft Windows vulnerability, WannaCry infected hundreds of thousands of computers in less than a day! While only receiving a paltry (by successful ransomware standards) $130,000 in ransoms, the virus made a huge practical impact.

The biggest example of this was the attack on National Health Service hospitals in England and Scotland. Many of them had to turn away non-life-threatening emergencies, and the incident disrupted ambulance service throughout the region.

After the attack, the United States held a Congressional hearing with security professionals to solicit ideas about improving resiliency to such situations.

Recent activity

The hacks above had the most significant impact on global cybersecurity, but that doesn’t mean Bureau 121 slowed down in recent years. On the contrary, they’ve been extremely busy! The increased popularity of cryptocurrency gives entities like the Lazarus Group an easy way to transact with the organizations they attack and launder the ransoms afterward.

They outright target cryptocurrency-related companies too. Research indicates they use the professional social media platform LinkedIn to lure in unsuspecting employees and spear phish them to exploit network vulnerabilities[4]. These underhanded tactics result in lucrative ill-gotten gains. According to the UN report mentioned above, $571 million out of the $2 billion revenue was from cryptocurrency theft.

Phishers target AstraZeneca

Using the LinkedIn phishing method, the Lazarus Group set their sights on pharmaceutical giant AstraZeneca in late November. State agents posing as high-level recruiters flooded their employees with fake job offers. Then, they emailed the targets with malware attachments. Luckily, no one fell for the scheme, but it shows that Bureau 121 isn’t burdened by any moral compass.

AstraZeneca is one of the companies working on a viable COVID-19 vaccine. Cybersecurity researchers believe that North Korea is focusing on COVID-related organizations at the moment[5]. As one of only 11 countries without a reported COVID-19 case[6], perhaps they don’t see the harm in attacking a vaccine maker. For the rest of us, we can only hope they fail.

Protect your data

When you think of state-sponsored hacking groups, you may assume they only attack political targets. However, rogue nations like North Korea gain a considerable portion of their revenue from such endeavors, as you’ve seen. Therefore, assume that any organization with network vulnerabilities and substantial cashflow is susceptible.

Protect your sensitive data from threat actors by using AXEL Go to store and share files. AXEL Go is built on secure blockchain technology and utilizes robust encryption to keep your documents safe and private. It is available on Windows, Mac, iOS, and Android. So, no matter where your platform allegiances lie, you can enjoy secure, private file sharing. Our free basic account offers all the great features of AXEL Go with 2GB of free online storage. Download it now.


[1] “North Korean Tactics”, Department of the Army, July 2020, http://www.documentcloud.org/documents/7038686-US-Army-report-on-North-Korean-military.html

[2] Ju-min Park, James Pearson, “In North Korea, hackers are a handpicked, pampered elite”, Reuters, Dec. 4, 2014, https://www.reuters.com/article/us-sony-cybersecurity-northkorea/in-north-korea-hackers-are-a-handpicked-pampered-elite-idUSKCN0JJ08B20141205

[3] Michelle Nichols, “North Korea took $2 billion in cyberattacks to fund weapons program: U.N. report”, Reuters, Aug. 5, 2019, https://www.reuters.com/article/us-northkorea-cyber-un/north-korea-took-2-billion-in-cyberattacks-to-fund-weapons-program-u-n-report-idUSKCN1UV1ZX

[4] Anthony Cuthbertson, “North Korean Hackers Use LinkedIn for Cryptocurrency Heist, Report Reveals”, The Independent, Aug. 25, 2020, https://www.independent.co.uk/life-style/gadgets-and-tech/news/north-korea-hackers-lazarus-linkedin-cryptocurrency-a9687086.html

[5] Jack Stubbs, “Exclusive: Suspected North Korean hackers targeted COVID vaccine maker AstraZeneca – sources”, Reuters, Nov. 27, 2020, https://www.reuters.com/article/us-healthcare-coronavirus-astrazeneca-no/exclusive-suspected-north-korean-hackers-targeted-covid-vaccine-maker-astrazeneca-sources-idUSKBN2871A2

[6] Kaia Hubbard, “Countries Without Reported COVID Cases”, U.S. News, Nov. 13, 2020, https://www.usnews.com/news/best-countries/slideshows/countries-without-reported-covid-19-cases?slide=13
