North Korea hackers try to take RM4.6b in global bank attacks


NEW YORK • A North Korean hacking group has tried to steal at least US$1.1 billion (RM4.58 billion) in a series of attacks on global banks over the past four years, according to cyber security firm FireEye Inc.

The hackers, which FireEye identified as APT38, have infiltrated more than 16 organisations in 11 countries including the US, and stolen more than US$100 million. The group has hacked heavily defended servers at banks and spent time scouring their networks. Security officials should be alarmed, FireEye said last week in a report.

“They understand banking networks pretty well,” Charles Carmakal, VP of consulting at FireEye, said in an interview. “And they probably have geopolitical considerations behind the timing, location of their attacks.”

The most prominent attack by APT38 was the theft of funds from the Bangladeshi central bank’s accounts at the US Federal Reserve (Fed) in 2016. In that case, the hackers got the Fed to transfer some US$100 million by sending fake wiring orders. About US$40 million was recovered when the hack was discovered and the transfers were reversed before the funds could be withdrawn.

In January, Mexico’s state-owned trade bank thwarted an attempted theft of US$110 million that used similar methods. In May, a Chilean bank lost US$10 million. Both attacks were carried out by APT38, FireEye said in the report.

North Korean diplomats and official media have denied that the country plays any role in cyber attacks.