2017-03-25 19:46:02
North Korea’s Rising Ambition Seen in Bid to Breach Global Banks

When hackers associated with North Korea tried to break into Polish banks late last year they left a trail of information about their apparent intentions to steal money from more than 100 organizations around the world, according to security researchers.

A list of internet protocol addresses, which was supplied by the security researchers and analyzed by The New York Times, showed that the hacking targets included institutions like the World Bank, the European Central Bank and big American companies including Bank of America.

While some of the Polish banks took the hackers’ bait, the scheme was detected fairly quickly, and there is no evidence that any money was stolen from the intended targets. Yet security researchers said the hit list, found embedded in the code of the attack on more than 20 Polish banks, underlines how sophisticated the capabilities of North Korean hackers have become as their goals have turned financial, in addition to efforts to spread propaganda, heist data and disrupt government and news websites in countries considered enemies.

The list of targets, which has not been previously reported, is part of a growing body of evidence showing how North Korea, a country that is cut off from much of the global economy, is increasingly trying to use its cyberattack abilities to bring in cash — and making progressively bolder attempts to do so.

North Korea’s hacking network is immense, encompassing a group of 1,700 hackers aided by more than 5,000 trainers, supervisors and others in supporting roles, South Korean officials estimate. Because of the country’s poor infrastructure, the hackers typically work abroad, in places like China, Southeast Asia and Europe. Like other North Koreans allowed to work abroad, the hackers are constantly monitored by minders for possible breaches in allegiance to the government.

The security firm Symantec said it believed that the hackers behind the Poland attack were also behind two other major breaches: the theft of $81 million from the central bank of Bangladesh and a 2014 attack on Sony Pictures, which rocked the film industry.

“We found multiple links, which gave us reasonable confidence that it’s the same group behind Bangladesh as the Polish attacks,” said Eric Chien, a researcher at Symantec, which studied both attacks.

The firm has not traced the attacks to a specific country’s government, but American officials have blamed North Korea for the Sony attack, partly based on intelligence that came from American breaches of North Korea’s computer systems.

The list of targets uncovered in the Polish attack — including big American financial institutions like State Street Bank and Trust and the Bank of New York Mellon — is illuminating for its ambition, Mr. Chien added. “It’s one thing to go after Bangladesh,” he said, “but it’s a whole other thing to take on the U.S.”