North Korean hackers were attacking networks all across the U.S. last week while their leader Kim Jong Un met with President Donald Trump in Vietnam.
While the summit was underway, hacks took place on more than 100 “banks, utilities and oil and gas companies” throughout the U.S. and globally, according to McAfee research.
“They are very, very, very active. It’s been nonstop,” Raj Samani, McAfee’s chief scientist, told The New York Times. “We’ve seen them hit in excess of 100 victims.”
North Korean cyberattacks continued during last week’s Trump-Kim summit, report says https://t.co/gdO1krvRKG
— TIME (@TIME) March 4, 2019
With the direction of a law enforcement agency that was not disclosed by McAfee, Samani and his team of researchers accessed a primary computer server used by the hackers. They were then able to observe North Korean hackers in real time as they waged their cyberattacks
The attacks appeared to be aimed at specific companies with the intent of extracting intellectual property, although the motive was not clear to the researchers. The computer network breaches were considered highly sophisticated, and reportedly targeted the computers of top-level executives or engineers with the highest access levels over company networks.
Attacks hit companies in Houston, which is considered a major area for the oil and gas industry, as well as New York, a major area for finance. McAfee did not disclose the names of the targeted companies, however.
Other targeted companies were located in London, Madrid, Tokyo, Tel Aviv, Rome, Bangkok, Taipei, Seoul and Hong Kong.
No targets were located in Russia or mainland China, where North Korea maintains good relations.
The researchers also determined that the latest attacks are connected to a campaign, “Operation Sharpshooter,” which began in Sept. 2017 — earlier than they originally expected.
Report: A global cyber espionage campaign, known as Operation Sharpshooter, started a year earlier than previously thought and is still ongoing, say security researchers, adding that a group linked to North Korea could be behind the campaign.https://t.co/iAsSn4EmV7
— TIMES NOW (@TimesNow) March 4, 2019
The hacks traced back to Lazarus Group, a group of hackers that has previously been linked to North Korea. In prior hacks, cybersecurity analysts tracked IP addresses of Lazarus Group hackers to North Korea.
The massive WannaCry cyberattack in 2017 was also attributed to Lazarus Group by Symantec researchers. Separately, Microsoft attributed the same attack to North Korea. WannaCry affected more than 150 companies globally.
At the June 2018 summit between the U.S. and North Korean leaders, Kim Jong Un agreed to stop testing its nuclear missiles – a vow that he repeated last week, although a formal deal was not signed. However, no agreement was made at either summit on cyberattacks.