Sunday, September 26, 2021

US names three North Koreans in laundry list of cybercrime charges – Bare Safety

The US Department of Justice (DOJ) has just unsealed a lengthy list of cybercrime charges against three North Koreans.

The DOJ explicitly named the three accused men as Jon Chang Hyok (31 years old), Kim Il (27), and Park Jin Hyok (36), alleging them to be part of a North Korean hacking group that you may have heard referred to over the years as APT38 or the Lazarus Group.

APT is shorthand for Advanced Persistent Threat, a jargon term for malware that is designed not only to infect a computer but also to remain in place and to stay active even after the current user logs off or reboots the device. Malware that is persistent essentially runs quietly but continuously in the background until someone spots it and removes it. Sadly, most modern malware has persistence, so it doesn’t magically vanish when you exit your browser or turn off your computer.

According to the indictment, the three men are said to have been criminally active from “no later than September 28, 2009, and continuing through [to] at least December 8, 2020.”

This means that Kim Il (who apparently also went by the name Tony Walker) allegedly got started when he was still a teenager, because he would have been just 15 or 16 years old back in 2009.

The charge sheet makes interesting reading, enumerating 45 specific instances of alleged criminality, referred to formally as “Overt Acts 1 to 45.”

We advise you to peruse this list and ask yourself, for each Overt Act, the questions: “How well would my own network and staff block an attack of this sort?”, as well as “If we didn’t block it up front, how quickly would we spot it afterwards, before further harm could be done?”