FireEye has a new report out on a group it calls APT38. This group is based in North Korea and has all the elements of a criminal gang, without being one. FireEye spends some time separating this group from others operating in North Korea, and they appear to be different. For one thing, these guys are patient: "The group is careful, calculated, and has demonstrated a desire to maintain access to a victim environment for as long as necessary to understand the network layout, required permissions, and system technologies to achieve its goals. On average, we have observed APT38 remain within a victim network for approximately 155 days, with the longest time within a compromised environment believed to be almost two years."
This is about the surveillance of international banking environments: the group looks specifically for SWIFT transactions, uses them to make fraudulent transactions, and then destroys the evidence of those transactions. This is a group that has to be state-sponsored. No group could operate on this scale without government approval. A criminal state with nuclear weapons. Not something any of us would like to see.