Hackers linked to North Korea continued waging cyberattacks against U.S. companies and other targets while leaders from Washington and Pyongyang met for their second summit last week, the New York Times reports.
Throughout the ongoing, 18-month operation, hackers from the Lazarus Group have persistently targeted key industries, including energy and telecommunications, as well as government and defense sectors, according to a report California-based cybersecurity firm McAfee published Sunday.
Researchers at McAfee say they discovered the campaign, dubbed “Operation Sharpshooter,” in December 2018, but have evidence that it may have started as early as September 2017.
Working with an undisclosed law enforcement agency, McAfee says its researchers got access to one of the main computer servers used by the hackers. The researchers then watched attacks unfold in real time.
“[The hackers] are very, very, very active. It’s been nonstop,” Raj Samani, chief scientist at McAfee, told the Times.
The operation’s attacks have focused mainly on banks, utilities and oil and gas companies, hitting over 100 targets in the U.S. and other Western countries, according to the Times. Most U.S. targets were in Houston and New York City, but other international cities like London, Madrid, Tokyo, Tel Aviv and Hong Kong were also hit. Cities in Russia and mainland China, which maintain good relations with North Korea, did not receive many attacks. McAfee declined to name which companies were hit.
The attacks were highly sophisticated and perpetrated to access computer networks and intellectual property at specific companies, according to the firm.
The new information from McAfee shows that although North Korea has not tested a missile in more than 15 months, it may have continued to wage its cyber war with the West unabated.
North Korea’s hackers gained international attention after the Sony attack in 2014. Many believe the attack came in retaliation for the spoof movie The Interview. Regular cyberattacks began shortly after Trump called Kim “little rocket man” in a speech to the United Nations in 2017, according to the Times.
North Korea is also believed to be behind the 2017 WannaCry cyberattack, which affected more than 150 organizations globally.
“North Korea appears to be engaging in increasingly hostile cyber activities, including theft, website vandalism, and denial of service attacks,” says a March 2018 report on information warfare compiled by the Congressional Research Service.
In September 2018, the U.S. Treasury sanctioned a North Korean programmer for his role in the Sony and WannaCry attacks.
Cybercrime is also reportedly one of North Korea’s main methods of attaining foreign currency.