Malware on gambling websites that finance crime with your money
The creation and distribution of gaming websites that are pre-infected with malware is North Korea’s most recent money-making scheme, according to the National Intelligence Service (NIS) of South Korea. The NIS identified cybercrime organizations as buyers of the sites.
According to the report, the North Korean group behind the initiative is an IT company connected to the secretive Office 39, also called “Gyeongheung.” Office 39 is in the ruling Workers Party of Korea, and the US Department of Treasury believes it to be a revenue-generating machine of the country.
According to Secretary for Terrorism and Financial Intelligence Stuart Levey, “Korea Daesong Bank and Korea Daesong General Trading Corporation are key components of Office 39’s financial network supporting North Korea’s illicit and dangerous activities. Treasury will continue to use its authorities to target and disrupt the financial networks of entities involved in North Korean proliferation and other illicit activities.” The NIS believes this organization has already made billions of dollars in profit. Each website can be rented for about $5,000 a month, and North Korea provides technical help for an additional $3,000 per month.
Websites examined had malicious code placing bets automaticallyAdditionally, NIS stated that a feature on the websites it had examined included malicious code that placed bets automatically. The threat actors have attempted to sell about 1,100 pieces of personal information relating to South Korean people. They use the code to steal the personal information of any gamblers who signed up for the site.
The persons who erected the sites pretended to be Chinese IT workers to get around UN restrictions that forbade North Korean labor from being hired. They pilfered pertinent professional qualifications, and some had fake Chinese identity cards. The group hijacked South Korean cybergambling gang accounts and used bank accounts created under Chinese names to transfer money to disguise their tracks.
A Seol Korean source found that some clients didn’t mind that the sites were under sanctions and said they had knowingly maintained business with the North Koreans. The main reason? Because the North Koreans use and maintain the same common language they have — and all business done in North Korea involves much lower costs. Based in the border town Dandong, Gyeonghueng is a hotspot for Chinese apparel that can be obtained for a lot less money, and the people will work for much lower wages.
Featured Image Credit: Cottonbro Studio; Pexels
The post Malware on gambling websites that finance crime with your money appeared first on ReadWrite.