North Korean and Russian hackers form terrifying criminal alliance that’s helping to fund Kim Jong-un’s nukes
NORTH Korean and Russian hackers are teaming up in a terrifying criminal alliance, a new report has warned.
Both are home to sophisticated gangs of cybercriminals linked to the state that are believed to be behind hack attacks on Britain.
A security firm found links between the North Koreans and the Russians - suggesting the two are sharing cyber weapons which could be used against the West.
North Korea is understood to use its hacking operations to help fund its nuke programme - with the UN saying the cyber schemes have earned Kim $2billion in three years.
The revelations come as Vladimir Putin's cyber warriors have been linked this week to a massive hack attack on the US, dubbed the SolarWinds breach.
Intel 471 uncovered connections between Kim's cyber thieves and a Russian-operated malware - malicious software - operation called TrickBot.
TrickBot is described in the report as a "malware-as-a-service offering" - on sale to hackers with the right connections.
It is "run by Russian-speaking cybercriminals, that is not openly advertised on any open or invite-only cybercriminal forum or marketplace".
And it works with "top-tier cybercriminals with a proven reputation," the report said.
North Korean hacking unit Lazarus Group is believed to be behind attacks on the NHS.
It has also been accused of using fake job adverts on LinkedIn to hack into companies and steal money, and of stealing $81million from the central bank of Bangladesh.
They have been described as the “quintessential scary, emerging strategic actor” by former White House director of cyber security Greg Rattray.
Who are the Lazarus Group?
A group of hackers working on behalf of Lab 110, a North Korean military intelligence unit, has come to be known as the Lazarus Group.
The group’s main activity lies in making money, and they are believed to have made $2 billion for North Korea's nuclear programme.
It’s part of Pyongyang’s effort to circumvent long-standing international sanctions.
They first came to prominence when they hacked Sony in 2014, when large amounts of data were stolen.
During the past few years, Lazarus has also been actively attacking financial institutions such as cryptocurrency exchanges.
It conducted an $81 million heist on the Central Bank of Bangladesh in 2016.
In the last two years, the group has also been attacking companies connected to the defence and aviation sectors.
In 2018 more than 200,000 victims across 150 countries, including 40 NHS trusts, were infected by malicious software known as WannaCry, which was linked to Lazarus.
The FBI have issued an arrest warrant for Park Jin Hyok for his alleged role in the Sony hack and WannaCry.
Meanwhile, Russian hackers have been around longer but were recently back in the spotlight after striking again to try to steal Britain’s coronavirus vaccine.
And the cyber criminals' recent assaults on the US were branded as a "virtual declaration of war" by Senator Dick Durbin.
The Intel 471 report said other security researchers have pointed to possible links between the Russians and North Koreans.
But it said its investigation has found more evidence, including signs that malware developed in North Korea was offered for sale on Russian marketplaces.
"Our conclusion is that we deem it likely that threat actors running or having access to TrickBot infections are in contact with DPRK (North Korean) threat actors," the report said.
"DPRK threat actors likely are active in the cybercriminal underground and maintain trusted relationships with top-tier Russian-speaking cybercriminals."
It added that "malware believed to be only used and probably written by DPRK threat actors was very likely delivered via network accesses held by Russian-speaking cybercriminals."
Intel 471 CEO Mark Arena explained what both sides get out of collaboration.
What the Russians “gain out of it is their access to a team or group of people [who] are specialized in hacking banks and stealing huge amounts of money”.
For North Korea, the benefit is a source of access into financial institutions which the Russians sell access to, the
Russia is "leaps and bounds" ahead of other regions, making it appealing as a collaborator.
In one scenario, a percentage of the money stolen by the North Koreans could be paid to the Russians for access to banks, says Arena.
While the potential to steal large amounts of money or disrupt vaccine production is bad enough, there is another aspect to North Korean hacking that is truly terrifying.
Whereas there were just a few dozen such agents in the 2000s, there are now “several thousand people in North Korea” who make money for Pyongyang through cybercrime.