A man walks past a TV screen showing North Korean leader Kim Jong Un, in Tokyo on Monday. | AP

Business / Tech

North Korean hackers are working with Eastern European cybercriminals, report says

Reuters

NEW YORK – North Korean state-backed hackers appear to be cooperating with Eastern European cybercriminals, a report said on Wednesday, a finding that suggests digital gangsters and state-backed spies are finding common ground online.

Mountain View, California-based SentinelOne says that the Lazarus Group — which American prosecutors accuse of organizing the leak of emails from Sony Pictures and stealing millions of dollars from the Central Bank of Bangladesh — is getting access to some of its victims through a cybercrime gang dubbed “TrickBot.”

“For me it’s the biggest crimeware story since I don’t-know-when,” said Vitali Kremez of SentinelOne. “The Lazarus group has a relationship with the most sophisticated, most resourceful Russian botnet operation on the landscape.”

Hints that Lazarus and TrickBot operators are cooperating had surfaced previously. In April, a BAE researcher said she and others were weighing the theory that the cybercriminals were selling access to compromised organizations to Lazarus, a bit like a fence selling stolen door keys to a burglar.

In July, the cybersecurity arm of Japanese telecommunications company NTT speculated that North Korea might be collaborating with Lazarus and TrickBot’s operators.

Kremez said he found evidence. TrickBot communicated with a Lazarus-controlled server just a couple of hours before that same server was used to help break into the Chilean interbank network earlier this year, he said. American officials have also blamed the multimillion dollar heist on North Korea.

“That’s the strongest possible evidence linking to a celebrated case of Lazarus intrusion,” said Kremez.

Kremez said that the TrickBot operators were likely renting out its services to the North Koreans, or perhaps working on a commission basis.

The judgment was seconded by Assaf Dahan of Boston-based Cybereason, which is publishing its own, separate report on Trickbot’s operations Wednesday. He reviewed SentinelOne’s research and said its conclusions were credible, adding that he was certain that the cybercriminals knew that they were dealing with the North Korean government.

“Whether they care or not is a different thing,” he said.

GET THE BEST OF THE JAPAN TIMES IN FIVE EASY PIECES WITH TAKE 5

JOIN THE CONVERSATION

LATEST BUSINESS STORIES

Mitsubishi Electric Corp. said Monday that it was the target of a massive cyberattack, but confirmed that highly sensitive information was unaffected.

Mitsubishi Electric data likely compromised in massive cyberattack blamed on Chinese group: Mitsubishi Electric Corp. said Monday it has been targeted in a massive cyberattack, and that information regarding government agencies and other business partners may have been compromised, wit...

Fruit packaged in plastic are on display at a supermarket in Beijing in 2018.

China unveils plan to reduce single-use plastic by 2025: China's top economic planner said it would cut the production and use of plastic over the next five years, helping reduce one of the world's biggest sources of plastic pollution. By the e...

Toshiba Machine's humanoid robot at the International Robot Exhibition in Tokyo in December

Toshiba Machine shares surge after activist makes surprise bid: Toshiba Machine Co.'s share price soared Monday after the company said Japan's best-known activist investor, Yoshiaki Murakami, plans a tender offer. The stock jumped as much as 19 percent, to ¥...