‘Unusual event’ – North Korean hackers target Israeli FinTech company

Cyber expert says criminals were looking to steal funds for North Korea’s nuclear development program.

By Lauren Marcus, World Israel News

North Korean hackers recently attempted to infiltrate the internal systems of an Israeli cryptocurrency company in order to steal funds for financing the country’s nuclear program, Hebrew-language media reported.

The hackers utilized sophisticated tools and techniques that were previously unfamiliar to cybersecurity company Konfidas, which thwarted the attack.

“These attacks don’t happen overnight,” Konfidas’ CEO, Ram Levy, told radio station 103FM on Tuesday morning. Most of the time, the first step in these kinds of cyber attacks involves reaching out to the targeted business and gaining their trust, sometimes by impersonating one of the company’s suppliers or a client.

Then, the hackers send “a malicious file that contains the virus” with which they want to infect the target company.

“From the moment the virus reaches the computer, it starts spreading on the [target company’s internal] networks in order to provide access to financial assets or whatever data” the hackers are after, Levy explained.

Typically, the hackers then hold the critical information or funds hostage, demanding that the company pay a ransom. A number of attacks in this style have been leveled against Israeli companies in recent years, primarily by Iranian hackers.

But the North Korean attack “deviated from this modus operandi,” Levy noted. “They simply spy, steal the funds, and the money disappears. There’s no interaction with the user…and this is a relatively unusual event.”

Levy added that his company provides its clients with 24/7 threat monitoring and that a benign-looking file triggered a security alert.

Because the file appeared innocuous at first glance, his team investigated why it had triggered the alert and discovered that it was malware that originated in North Korea.

In June 2022, The Guardian reported that North Korean hackers stole a staggering $100 million from Horizon Bridge, an American cryptocurrency company.