UN Cyberattack: Investigators Monitoring North Korea Sanctions Hit
Experts working for the United Nations to investigate violations of sanctions on North Korea were hit by a “sustained” cyberattack from an unknown source, Reuters reported.
The hackers were apparently able to gain access to a computer belonging to one of the experts and used it to carry out an ongoing attack that displayed “very detailed insight” into the investigators and their work.
The initial breach reportedly took place May 8, according to an email sent from the chair of the panel of experts to U.N. officials and the 1718 committee — the U.N. Security Council committee that oversees sanctions on North Korea.
The email, which was seen by Reuters, said the attack was carried out by sending a .zip file with a “highly personalized message” to a member of the investigatory group. The expert likely opened the .zip file, which resulted in the installation of malicious software on the device.
A follow-up email sent by the U.N. sanctions committee secretary to U.N. Security Council members May 10 said the U.N. Office of Information and Communications Technology was "conducting an analysis of the affected hard drive."
An email from the chair of the panel of experts said the attack is not the first attempt to compromise a device belonging to the group in charge of monitoring sanctions on North Korea. Similar attacks were attempted in 2016, and the panel chair advised there is currently a “heightened risk” of attack.
North Korea has denied any involvement in the attack. The country’s deputy U.N. envoy said Friday “it is ridiculous” to link the North Korean government to the hacking of the panel of experts in charge of monitoring sanctions.
The country has also denied any connection to the WannaCry ransomware attack that hit 300,000 machines in 150 countries earlier this month. The attack, which made use of a U.S. National Security Agency exploit leaked by an unknown group of hackers known as the Shadow Brokers, shared code with malware associated with a group of hackers linked to North Korea.
The code that WannaCry shares is a backdoor trojan known as Contopee. The malicious software has been used by the North Korea-connected hacking collective Lazarus Group to attack a number of targets, including financial institutions in Southeast Asia. Lazarus Group was also involved in the 2014 attack on Sony Pictures that resulted in the leak of confidential information and unreleased films.
The connection between WannaCry and the Lazarus Group malware was first discovered by Google security researcher Neel Mehta and echoed by a number of security experts who verified the similarity, though many noted that similarities in code do not necessarily mean an attack can be attributed to the same source.
Security research firm Symantec disclosed findings Monday that drew even stronger links between Lazarus Group and the WannaCry attack, including “substantial commonalities” in the tools, techniques and infrastructure used by the WannaCry attackers and those seen in previous Lazarus attacks.
Symantec said it is “highly likely Lazarus was behind the spread of WannaCry,” but noted the WannaCry attacks “do not bear the hallmarks of a nation-state campaign” and were instead more typical of the behavior of a cybercrime campaign.
© Copyright IBTimes 2024. All rights reserved.