Authorities recently said North Korea has perpetuated an even broader global hacking campaign that has targeted as many as 17 other countries, following a suspected cyberattack aimed at Turkish banks last month the Wall Street Journal reported this week.
Cyber research group McAfee, LLC, identified the campaign as “Operation GhostSecret,” which was carried out from March 14 to March 26.
Suspected North Korean-linked hackers targeted a variety of industries including critical infrastructure, telecommunications, health and higher education in order to steal sensitive data and information.
The targeted countries were mainly from the Asia Pacific region, but the U.S. was also included.
McAfee said it is difficult to know for sure what the hackers gained from the attacks, but the security group claimed that they could have deleted files, stolen data or studied the networks for weaknesses in order to prepare for future attacks.
“They’re in your network. They’re learning about you, understanding how you operate,” said Raj Samani, McAfee’s chief scientist.
McAfee said with “high confidence” that Operation GhostSecret is the work of a North Korean-linked hacking operative known to be Lazarus, based on similarities between the Turkish bank attack and other known campaigns.
Lazarus is the same group that was blamed for last year’s WannaCry ransomware attack that affected some 200,000 computers in 150 countries and the 2014 Sony Pictures hack that released confidential employee information.
The U.S., U.K and Australia formally accused North Korea of the attacks, but the country ultimately denied any involvement in both incidents.
McAfee identified the cyberattacks on Turkish financial institutions in early March, which included compromised Microsoft Word documents that infected users’ computers if downloaded.
The hacking group also used additional tactics that included a wiper tool – similar to the one from the Sony attack – that could delete any files on an infected computer. According to McAfee, an additional piece of malware also helped cover the attackers’ digital footprints via encryption.
Samani said that the scope of these attacks shows just how persistent North Korea’s hacking groups have become.
“They are carrying out attacks with impunity,” Samani said.
North Korea has ramped up its cyber attacks in recent years, and the country’s methods have become increasingly dangerous. It regularly targets other nations’ infrastructure and even steals money, according to cybersecurity specialists who track the regime’s behavior.
As a politically isolated country, North Korea is not afraid of the possible repercussions that generally deter other nations from committing similar attacks. The recent campaigns also show how North Korea’s goals have evolved beyond just targeting military secrets.