+ A

North Korean hackers target Apple computers

Oct 16,2019
North Korean hackers used fake cryptocurrency software to breach Apple computers, according to U.S. tech security researchers.

The entity behind the alleged attacks on Apple computers is believed to the Lazarus Group, a team of cybercriminals that U.S. intelligence believes is sponsored by the North Korean Reconnaissance General Bureau (RGB).

According to Patrick Wardle, an Apple Mac security specialist and principal security researcher at Jamf, a U.S.-based company specializing in Apple device management, malware that was uncovered by a team of independent researchers last week resembled those earlier macOS-based programs developed by Lazarus Group in the past.

Wardle detailed the cryptocurrency hacking operation on his blog, writing that Lazarus appears to have set up a cryptocurrency front company called Celas Trade Pro with its own website to lend credence to their operation.

On that website, the group uploaded a cryptocurrency trading application for macOS that was embedded with malicious software that would enable the hackers to gain remote access to infected Macs.

The operation was highly similar to a macOS-based attack orchestrated by Lazarus Group a year ago, which Kaspersky Lab, a global cybersecurity company, traced back to North Korea based on code written into the program.

Lazarus Group is suspected to be behind high-profile cyberattacks by North Korea over the last decade. In March 2013, a total of six South Korean TV stations and banks experienced freezes in their computer networks, which officials in Seoul later traced to North Korean hackers operating out of China.

The attack damaged up to 32,000 computers and prompted the South’s communications watchdog, the Korea Communications Commission, to raise their alert level.

A better-known incident involved the hacking of Sony Pictures in November 2014, when a group calling itself the Guardians of Peace released confidential information about the company demanding that it not release the comedy film “The Interview,” which mocked North Korean leader Kim Jong-un.

With the hackers threatening terrorist attacks at cinemas that screened the film, Sony eventually canceled a formal premiere and released the movie directly to streaming services.

In more recent years, the group tapped into the global cryptocurrency boom by targeting trading operations in South Korea using software similar to that used in the Sony hack. Bithumb, a South Korean exchange company, reported that $7 million was stolen from it in February 2017, while another company, Youbit, had to file for bankruptcy as a result of a similar attack.

A confidential United Nations report from August, according to Reuters, alleged that North Korea may have generated approximately $2 billion from such cyberattacks around the globe as part of a concerted effort to generate foreign currency as its economy chokes under international sanctions.

The U.S. State Department, Reuters said, commented on this report that North Korea’s cyber activity “generates revenue that supports its unlawful WMD (weapons of mass destruction) and ballistic missile programs.”

Last month, the U.S. Treasury Department announced sanctions on three cyber groups that included Lazarus Group, which it said were subordinate to North Korean intelligence.

BY SHIM KYU-SEOK [shim.kyuseok@joongang.co.kr]