A United Nations panel enforcing trade sanctions against North Korea was hacked, The Washington Post reported, with email accounts of four members of the panel being compromised. The Washington Post was able to view a draft of an upcoming report from the U.N. Panel of Experts that outlines the account of the attack.
The U.N. panel members who were victims of the attack appear to have been duped by forged email messages with malicious files, the upcoming report states. The members were using Microsoft Office 365 software, and after an investigation by Microsoft, the company stated that it, too, associated the attack with a “nation-state.”
The report does not include any materials or information the hackers were able to acquire, but members of the panel regularly review secret intelligence analyses involving North Korea and leader Kim Jong Un. The panel’s primary focus was North Korea’s blatant disregard of current trade sanctions that lead the rogue nation to smuggle goods in and out of the country in an attempt to evade the watchful eye of the United Nations.
The U.N. sanctions limit trade and are aimed at undermining the North Korean economy in order to halt the country’s growing nuclear weapons efforts. The panel has been able to identify the smuggling schemes and continues to seek ways in which the U.N. can combat those efforts, which seems to have ultimately made the panel of interest for hackers.
“The panel continues to be targeted by a sophisticated hacking campaign,” according to the U.N. report expected to be released later this month.
While North Korea has been accused of countless hacks around the globe in the past, the upcoming report on this incident does not explicitly name the country as the perpetrator. However, a report earlier this month from FireEye, a California-based cybersecurity firm, named a North Korean cyber group known as APT37 (Reaper) that appears to be working on behalf of the government. The group’s target was also alleged to be an entity associated with the United Nations.
At this time, John Hultquist, director of intelligence analyses at FireEye, cautions that he, too, has no information directly linking this most recent U.N. attack to APT37.
But “on several occasions, we’ve seen countries leverage their cyberespionage capabilities to surveil organizations and people who are involved in sanctions,” Hultquist said. “We’ve been tracking this group for a few years now. Their targeting is overwhelmingly focused on North Korean interests — on defectors, on sanctions and on organizations involved in the reunification of Korea. They’ve also made mistakes that allowed us to see their Internet addresses — in North Korea.”