Play Live Radio
Next Up:
Available On Air Stations
Health & Science

North Korea Linked To Cyber Attacks On Asian Banks


Security experts say North Korea might be behind a spree of cyberattacks on Asian banks. Researchers at the firm Symantec say these attacks have something in common with the one on Sony Pictures in 2014. That's the one the FBI tied to North Korea. Here to talk about all this is NPR's tech reporter Aarti Shahani.

Hi there.


MCEVERS: So who do the Symantec researchers say hacked into these banks?

SHAHANI: The name of the group is Lazarus, and apparently they're a very effective group of hackers. And, you know, they're not just breaking into networks and stealing emails. They're developing a strategy to hijack banks and take cash directly out. The group allegedly stole tens of millions of dollars from the Central Bank of Bangladesh back in February. The Central Bank chief actually had to resign over that. In Vietnam, Lazarus allegedly attempted to steal more than a million from a bank there too. Officials managed intercept it, though, before it happened. A bank in Ecuador was also hit. And now, according to Symantec - you know, the company that makes antivirus software - according to Symantec, this same group hit the Philippines and managed to break into desktop computers and a house. It's not clear, though, if they managed to steal money this time.

MCEVERS: So what does all this have to do then with North Korea?

SHAHANI: OK. So this is going to sound a little complicated or convoluted so just bear with me here, OK? First there are a bunch of attacks that are linked to Lazarus the hacking group, OK? According to multiple security experts, malicious software - the exact same lines of malware - keeps showing up in attacks against South Korean companies, against Sony Pictures, which you referenced earlier, and now in these bank attacks. And so the security experts say that cannot be a coincidence. Lines of malicious software don't just get copied and pasted magically. So they believe Lazarus is behind it. OK. That's part one. Now, part two is the North Korea connection. According to U.S. intelligence officials, North Korea was behind Sony. So the private sector experts who've studied the hack, they're saying by extension it could be North Korea is behind these other attacks using the same malware.

MCEVERS: Did the researchers talk about why a country would want to get into the business of robbing banks?

SHAHANI: You know, according to the researchers, it's strange behavior, and I mean, really significant because, you know, nation states don't typically rob each other's banks. Though I do want to temper it by saying that it is to some extent speculation. We don't know for a fact that North Korea is behind it.

MCEVERS: And the banks targeted in these attacks are pretty small. I mean, these are not the Citibanks and the J.P. Morgans of the world. Is there a reason why hackers would target these small banks?

SHAHANI: Yeah, you know, it is definitely the case that these smaller banks are weaker links in the global financial system. There's a global network for banks to talk to each other and complete transactions. It's called SWIFT. And in fact just this week, the CEO of SWIFT gave this big address in Brussels. He said, listen, our central system's not at fault, it hasn't been compromised, but it looks like these small banks in our networks are vulnerable. He called the attack against Bangladesh in particular a watershed event. Again, that was the Central Bank looted by cyberthieves who took lots of money. And he said it's not an isolated incident. To his knowledge, other banks are being similarly attacked, small banks in particular. Part of the problem is small banks don't have response teams and fancy detection software like the big banks do. So in his opinion, the attacks are part of a campaign that's going to continue.

MCEVERS: That's NPR's Aarti Shahani. Thanks so much.

SHAHANI: Thank you. Transcript provided by NPR, Copyright NPR.