North Korea is at it again with their hacks.

North Korea's hacking groups have decided to target online stores then decide to insert malicious code that steals customers' payment card details as they go through the checkout page and fill in the payment forms.

An adult online anonymous internet hacker with invisible face in urban environment and number codes illustration concept

SanSec a Dutch security firm has been following these up in a report. They state these attacks have been occurring since May of 2019.  The biggest name that has been hit was Claire's, reportedly was breached sometime from April to June of this year.  The methods these State hackers have been using are web skimming which describes how the payment details are stolen at the payment page.

Hackers need to gain access to the target's back-end server. That's where they can install and run malicious code on the store's page that appears to use the customer.  The code loads exclusively on the payment form page. Then silently logs payment card details as the customer is entering the info on checkout forms. The data is then logged to a remote server where the hackers collect and sell on forums.

Hacker Typer

These types of attacks are heavy on infrastructure and resources. SanSec reports the links used are the same domains and server IP addresses that have a connection to previous North Korean attacks in the past.  The evidence given has SanSec believing these points to Hidden Cobra (or Lazarus Group), a name was given by the US Department of Homeland Security to Pyongyang's state hacking group.

These hackers have had a long list of cyber-heists all over the globe. With ATM heists and ATM cash-outs, Cryptocurrency scams, Breaching cryptocurrency exchanges, planning COVID-19 phishing campaigns. They were also blamed for the WannaCry ransomware which really shocked the IT world back in 2017.

Due to North Korea's hacking campaigns, in September 2019, the US Treasury Department imposed sanctions entities that were believed they associated with the hacking groups. US officials believe these businesses are just fake to raise money for North Korea's own interests.

NK hacking group haven always been trying to raise money with their tactics. They will always be a bane in the IT world as they made their mark with WannaCry.

Want to fight cyber criminals every day? Find out more about our cyber security degrees offered at


Posted on Jul 7, 2020 12:47:53 PM by Marcos Xochihua in Hacking, in Cyber Security

Marcos Xochihua

Written by Marcos Xochihua

Marcos Xochihua is a Network Security major and Student Ambassador at University of Advancing Technology (UAT)


Email me when there is a new post.

I'd like more information about UAT

Lists by Topic

see all

Recent Posts

Posts by Topic

see all

Posts by Author

see all