
Hacking, Cyber Security


North Korea is at it again with their hacks.

North Korea's hacking groups are targeting online stores and inserting malicious code that steals customers' payment card details as they go through the checkout page and fill in the payment forms.



SanSec, a Dutch security firm, has been following these attacks in a report. They state the attacks have been occurring since May of 2019. The biggest name hit was Claire's, which was reportedly breached sometime from April to June of this year. The method these state hackers have been using is web skimming, in which payment details are stolen at the payment page.

Hackers first need to gain access to the target's back-end server. From there they can install and run malicious code on the store's pages that customers use. The code loads exclusively on the payment form page, then silently logs payment card details as the customer enters them in the checkout forms. The data is then logged to a remote server, where the hackers collect it and sell it on forums.
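One way a store operator can watch for the injected checkout code described above is to audit the scripts the payment page serves against a host allowlist and a baseline of reviewed inline scripts. This is an added example, not code from SanSec's report or the original post; the hostnames, page markup and baseline are constructed assumptions.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed allowlist and baseline for a hypothetical store (assumptions).
ALLOWED_SCRIPT_HOSTS = {"shop.example", "js.payments.example"}
BASELINE_INLINE = "window.cartId = 'c-1001';"
KNOWN_INLINE_HASHES = {hashlib.sha256(BASELINE_INLINE.encode()).hexdigest()}
# Constructed checkout page: the last two scripts were not in the reviewed build.
SAMPLE_PAGE = (
    '<html><body><form id="pay"></form>'
    '<script src="/static/checkout.js"></script>'
    '<script src="https://js.payments.example/v1/sdk.js"></script>'
    f"<script>{BASELINE_INLINE}</script>"
    '<script src="https://cdn-stats.invalid/a.js"></script>'
    "<script>/* unreviewed inline code */</script></body></html>"
)

class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from a page."""
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._in_inline = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            self._in_inline = not src  # only scripts without src carry a body
            (self.external if src else self.inline).append(src or "")
    def handle_data(self, data):
        if self._in_inline:
            self.inline[-1] += data
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False

def audit_checkout(html, page_host, known_inline_hashes):
    """Return scripts outside the host allowlist or the inline-hash baseline."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for src in parser.external:
        host = urlparse(src).hostname or page_host  # relative URL: same host
        if host not in ALLOWED_SCRIPT_HOSTS:
            findings.append(("external", src))
    for body in parser.inline:
        digest = hashlib.sha256(body.strip().encode()).hexdigest()
        if digest not in known_inline_hashes:
            findings.append(("inline", digest))
    return findings
```

A host allowlist alone does not catch a modified same-host file after a back-end compromise, so the same hashing should also cover the store's own script files.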


These types of attacks are heavy on infrastructure and resources. SanSec reports that the links used are the same domains and server IP addresses that have a connection to previous North Korean attacks. The evidence has SanSec believing it points to Hidden Cobra (or Lazarus Group), a name given by the US Department of Homeland Security to Pyongyang's state hacking group.

These hackers have had a long list of cyber-heists all over the globe, including ATM heists and ATM cash-outs, cryptocurrency scams, breaches of cryptocurrency exchanges, and COVID-19 phishing campaigns. They were also blamed for the WannaCry ransomware, which really shocked the IT world back in 2017.

Due to North Korea's hacking campaigns, in September 2019 the US Treasury Department imposed sanctions on entities believed to be associated with the hacking groups. US officials believe these businesses are just fakes that raise money for North Korea's own interests.

NK hacking groups have always been trying to raise money with their tactics. They will always be a bane in the IT world, as they made their mark with WannaCry.
