N.Korean cyberattack looted $13.5mn from Indian bank: UN

Starved for foreign funds due to UN sanctions, North Korea carried out a $13.5 million cyber heist of Cosmos Bank using a network across 28 countries by breaking its internal safety measures, according to the world body.

The Security Council's panel of experts that monitors the sanctions on North Korea said the cyberattack in August last year was carried out "by an advanced persistent threat group" from that country.

"In August 2018, about $13.5 million was withdrawn from Cosmos Bank in India in more than 14,000 simultaneous automatic teller machine (ATM) withdrawals in 28 countries, as well as in additional transfers to an account belonging to a Hong Kong-based company," the report said.

The report by the panel of experts headed by Hugh Griffiths was released earlier this month by Council President Francois Delattre.

"The Cosmos attack was a more advanced, well-planned and highly coordinated operation that bypassed three main layers of defence contained in International Criminal Police Organization (INTERPOL) banking/ATM attack mitigation guidance," the report said.

Outlining the North Korean tactic, it said, "Not only were the actors able to compromise the SWIFT network in the Cosmos case to transfer the funds to other accounts, but they simultaneously compromised internal bank processes to bypass transaction verification procedures and order worldwide transfers to almost 30 countries where funds were physically withdrawn by individuals in more than 10,000 separate transactions over a weekend."

SWIFT, which stands for Society for Worldwide Interbank Financial Transaction code, identifies banks for international financial transactions.

The transfers to the Hong Kong-based company's account were made using SWIFT, the report said.

The report quoted a UN member country as saying that North Korea was using cyberspace for undercover operations "to acquire funds through a variety of measures in order to circumvent the sanctions".

The US has charged North Korean hacker Park Jin Hyok, who was a member of the hacking organisation known as the Lazarus Group and is also linked to North Korea's Reconnaissance General Bureau, according to the UN report.

He is charged with engaging in "wide-ranging, multi-year conspiracy to conduct computer intrusions and commit wire fraud" on behalf of North Korea.

The report said that according to the US, Park "has travelled to China in the past and conducted legitimate IT (information technology) work under the front company 'Chosun Expo' or the Korean Expo Joint Venture".

The report said that Park and his associates were also responsible for "fraudulent transfer of $81 million from Bangladesh Bank," according to the US.

Banco de Chile was also targeted and lost $10 million, the report said.

(Arul Louis can be reached at arul.l@ians.in and followed on Twitter @arulouis)

--IANS

al/am/in