Catalin Cimpanu reports:
According to a new report published today by US cyber-security firm FireEye, there’s a clear and visible distinction between North Korea’s hacking units –with two groups specialized in political cyber-espionage, and a third focused only in cyber-heists at banks and financial institutions.
For the past four years, ever since the Sony hack of 2014, when the world realized North Korea was a serious player on the cyber-espionage scene, all three groups have been incessantly covered by news media under the umbrella term of Lazarus Group.
But in a report released today, FireEye’s experts believe there should be made a clear distinction between the three groups, and especially between the ones focused on cyber-espionage (TEMP.Hermit and Lazarus Group), and the one focused on financial crime (APT38).
Read more on ZDNet.
I had the pleasure of attending FireEye’s Cyber Defense Summit this afternoon, where there was a presentation on Apt38 that was absolutely fascinating and well-presented. As Catalin reports, Apt38 doesn’t tend to go for “smash and grab” but the presentation made it clear how patient they were in terms of staying in the environment – in one case, for over 600 days.
Apt38 has hit financial institutions in 11 countries by now. After listening to FireEye’s presentation, it is hard to imagine how a small to medium-sized bank would be able to defend against or prevent an attack by these nation-state actors.