North Korean Hackers Tied to $100 Million in SWIFT Fraud
A gang of North Korean government hackers, known as APT38, has been waging a sophisticated hacking campaign against banks in Asia and Africa, resulting in the theft of more than $100 million via fraudulent transfers through SWIFT, the global money-transfer network, says U.S. cybersecurity firm FireEye.
The advanced persistent threat group’s activities appear to overlap with, but be separate from, those of the North Korean hacking groups known as Lazarus and Temp.Hermit, FireEye says.
The APT designation typically refers to attackers that wage long, sustained and stealthy attacks against preselected targets.
“Since at least 2014, APT38 has conducted operations in more than 16 organizations in at least 11 countries, sometimes simultaneously, indicating that the group is a large, prolific operation with extensive resources,” FireEye researchers say in a Wednesday blog post.
FireEye says it’s tied the group to the Pyongyang-based government of North Korea thanks in part to a Department of Justice criminal indictment against alleged hacker Park Jin Hyok.
It also cited separate technical reports published by Moscow-based cybersecurity firms Group-IB and Kaspersky Lab.
FireEye says there appear to be multiple, semi-independent hacking groups sponsored by the North Korean government that share malware development resources.