North Korea denies it amassed $2 billion through cyberattacks on banks

SEOUL (Reuters) – North Korea denied on Sunday allegations that it had obtained $2 billion through cyberattacks on banks and cryptocurrency exchanges, and accused the United States for spreading rumors.

A United Nations report seen by Reuters last month said North Korea had used “widespread and increasingly sophisticated” cyberattacks to steal from banks and cryptocurrency exchanges, amassing $2 billion which it used to fund weapons of mass destruction programs.

“The United States and other hostile forces are now spreading ill-hearted rumors,” North Korea’s state-run KCNA news agency reported, citing a statement from the spokesperson for the National Coordination Committee of the DPRK for Anti-Money Laundering and Countering the Financing of Terrorism.

“Such a fabrication by the hostile forces is nothing but a sort of a nasty game aimed at tarnishing the image of our Republic and finding justification for sanctions and pressure campaign against the DPRK,” the statement said.

Washington has made scant progress toward its goal of getting North Korea to give up its nuclear weapons program, despite three meetings between U.S. President Donald Trump and North Korean leader Kim Jong Un.

North Korea’s vice foreign minister said on Saturday that hopes for talks with Washington were fading, and criticized Mike Pompeo’s recent comments about “North Korea’s rogue behavior”.

Pyongyang has been blamed in recent years for a series of online attacks, mostly on financial networks, in the United States, South Korea and over a dozen other countries, as experts say such cyber activities generate hard currency for the regime.

The crux of the allegations against North Korea is its connection to a hacking group called Lazarus that is linked to $81 million cyber heist at the Bangladesh central bank in 2016 and a 2014 attack on Sony’s Hollywood studio.

(Reporting by Ju-min Park; Editing by Raissa Kasolowsky)

New hacking group detected targeting firms in Russia, China

A padlock is displayed at the Alert Logic booth during the 2016 Black Hat cyber-

By Eric Auchard

FRANKFURT (Reuters) – A previously unknown hacking group variously dubbed “Strider” or “ProjectSauron” has carried out cyber-espionage attacks against select targets in Russia, China, Iran, Sweden, Belgium and Rwanda, security researchers said on Monday.

The group, which has been active since at least 2011 and could have links to a national intelligence agency, uses Remsec, an advanced piece of hidden malware, Symantec researchers said in a blog post (http://symc.ly/2aTHoOm).

Remsec spyware lives within an organization’s network rather than being installed on individual computers, giving attackers complete control over infected machines, researchers said. It enables keystroke logging and the theft of files and other data.

Its code also contains references to Sauron, the all-seeing title character in The Lord of the Rings, Symantec said. Strider is the nickname of the fantasy trilogy’s widely traveled main character Aragorn.

Separately, Moscow-based Kaspersky Lab has labeled the same group using the Remsec spyware as “ProjectSauron”.

The newly discovered group’s targets include four organizations and individuals located in Russia, an airline in China, an organization in Sweden and an embassy in Belgium, Symantec said.

Kasperksy said it had found 30 organizations hit so far in Russia, Iran and Rwanda, and possibly additional victims in Italian-speaking countries. Remsec targets included government agencies, scientific research centers, military entities, telecoms providers and financial institutions, Kasperksy said.

“Based on the espionage capabilities of its malware and the nature of its known targets, it is possible that the group is a nation state-level attacker,” Symantec said, but it did not speculate about which government might be behind the software.

Despite headlines that suggest an endless stream of new types of cyber-spying attacks, Orla Fox, Symantec’s director of security response said the discovery of a new class of spyware like Remsec is a relatively rare event, with the industry uncovering no more than one or two such campaigns per year.

Remsec shares certain unusual coding similarities with another older piece of nation state-grade malware known as Flamer, or Flame, according to Symantec.

Kaspersky agreed that the same group it calls ProjectSauron appears to have adopted the tools and techniques of other better-known spyware, including Flame, but said it does not believe that ProjectSauron and Flame are directly connected.

Flamer malware has been linked to Stuxnet, a military-grade computer virus alleged by security experts to have been used by the United States and Israel to attack Iran’s nuclear program late in the last decade (http://reut.rs/2b2FA8z).

(Editing by Greg Mahlich)