North Korea, presently reeling under the weight of severe international sanctions and with the possibility of more on the horizon, could be resorting to alternative methods to finance its highly expensive nuclear program. This program threatens to bring instability to its regional neighbors, including South Korea and Japan. According to top-tier cybersecurity company Kaspersky Lab, a major bank heist may bear the fingerprints of North Korea, which would mark a startling turn of events. It is suspected that Lazarus, the group accused of purloining $81m from the Central Bank of Bangladesh last year, is again under the investigative microscope.
A recent CNN report suggested that Lazarus’s activities now extend across numerous banks, mostly in emerging economies including Nigeria. This group’s hackers, Kaspersky’s researchers indicate, have launched cyber assaults on financial institutions in Costa Rica, Ethiopia, Gabon, India, Indonesia, Iraq, Kenya, Malaysia, Nigeria, Poland, Taiwan, Thailand, and Uruguay.
In 2013 alone, Nigeria reported losses of approximately 40 billion ($1.4b at the time) to cyber criminals. This hefty sum, however, only constitutes a fraction of the over $200b lost globally to cybercrime every year. Reports of state-sponsored cyber theft are rare, making the possible involvement of North Korea in this sphere particularly noteworthy. It’s no secret that states have been accused of sponsoring hacking operations to pilfer intellectual property, with the US, Russia, and China frequently pointing fingers at each other.
But how did Kaspersky conclude that North Korea could be linked to the Lazarus hacking group?
The North Korean cyber connection first materialized in 2014, after Hollywood released a film that satirized North Korean leader Kim Jong Un. This comedic jab did not sit well with North Korea, and shortly thereafter, entertainment giant Sony fell victim to a crippling cyberattack. The FBI investigations that followed pointed towards the shadowy Lazarus group as potential culprits and subsequent findings indicated a North Korean connection. While North Korea never explicitly denied involvement, the nation’s internet mysteriously crashed for 19 hours in what appeared to be a retaliatory action from the United States.
Kaspersky Lab presented its findings at a cybersecurity conference in the Caribbean, noting that unusual testing activities were observed from VPN/proxy servers. More intriguingly, its researchers detected a short connection originating from an exceedingly uncommon IP address range based in North Korea. This finding points towards possible involvement of Lazarus group members from North Korea, although the researchers caution that this evidence is not enough to provide definitive attribution, as the connection session could have been a deceptive maneuver.
Despite the circumstantial evidence, the question of who is ultimately behind these cyberattacks remains open. Other powerful states could potentially be the real culprits. Given the sensational revelations and echoes from online communities, Russia emerges as a feasible suspect worth considering, further complicated by the fact that Kaspersky happens to be a Russian multinational company.
This recent turbulence in the cyber world comes two years after Kaspersky released a report indicating that around 30 banks, primarily based in Russia, may have fallen prey to a $1 billion heist. As cybersecurity continues to evolve and technology advances, the battleground for cybercrime seems to grow ever more complex and fraught with uncertainties.