Back to Spotlight

In what is called the most audacious cybercrime that has ever been attempted, a North Korean linked hacker group named Lazarus, tried to steal $1bn from a national bank. Lazarus gained fame after they hacked into SONY Pictures after SONY released a movie that went against North Korean national interests (here’s the inside story on the SONY attack).

 

So how did the hacker group try to steal $1 billion? To answer that question, we’re sharing with you an 11-minute long video, produced by VICE News, that looks at the attempted virtual bank heist. Here’s a summary of the video. 

 

 

  • Lazarus is a state-sponsored hacking group, supported from North Korea
  • The group first gained prominence after they hacked SONY Entertainment, leading then US president Barack Obama to name North Korea as suspect in a press conference
  • Shortly after the SONY Attack, the group started to target the Bangladesh national bank. How did they do it? 
  • They created a fake profile and CV that they sent via email to the bank of Bangladesh. Opening the CV that was attached  to the email triggered a malware
  • The hackers discovered that the Bangladesh Bank had $1 billion in reserves at the Federal Reserve Bank of New York – their goal was to transfer and steal that money. But simply transferring the money from New York to a personal bank account in North Korea wouldn’t be easy
  • The hackers waited for the perfect time, taking advantage of three different time zones, a weekend, and a public holiday (Lunar New Year)
  • They then initiated thirty five fraudulent transactions to send the $1 billion to the Philippines and Sri Lanka. Due to misspelled instructions in some transactions, the Federal Reserve Bank of New York blocked most transactions of $850 million, but transfers of the remainder  were still executed and landed in bank accounts in the Philippines
  • The problem the hackers now had was that the money was still traceable. They needed to launder the money quickly
  • So how did they do it? They took $81 million to casinos in the Philippines, changed the money to chips, gambled, took their winnings, cashed the winnings to check. The check  could not be linked to the money that came into the casino originally. 
  • Casino workers recalled “groups of men coming in almost like they were working a job, sitting down to gamble Baccara. They didn’t seem to react if they won, they didn’t seem to react if they lost.”
  • Meanwhile, the Bank of Bangladesh has traced the money to the Philippines, they went to the casinos saying that this is our money, but the casinos were not regulated by money laundering regulations
  • Interestingly, the FBI identified a main suspect of the bank heist. A North Korean named Park Jun Hyok, who is a key member of the Lazarus hacker group.

 

Why does this matter for businesses? 

  • The remarkable story of the bank heist offers insights into how professionally nation-state hackers operate
  • The story also illustrates that many professional hacker groups wait for public holidays and meticulously plan and carry out their cyberattack operations.