By: Denise Simon | Founders Code
All is not so copacetic with North Korea. The United States has many channels of intelligence regarding North Korea and dealing with Kim Jong-Un. Many of the moving parts require diplomatic artistry.
Below are but two examples. With a second summit between the United States and North Korea predicted, the logistics are a chess game.
FireEye has released a report describing the tools and techniques used by the group: “We believe APT38’s financial motivation, unique toolset, and tactics, techniques, and procedures (TTPs) observed during their carefully executed operations are distinct enough to be tracked separately from other North Korean cyber activity. There are many overlapping characteristics with other operations, known as “Lazarus” and the actor we call TEMP.Hermit; however, we believe separating this group will provide defenders with a more focused understanding of the adversary and allow them to prioritize resources and enable defense.”
In its official blog, the company further explained what distinguishes the group from other hackers. Foremost, the malware tools used overlap or are similar, indicating similar development behind the scenes.
The general pattern used by APT38 was observed to be as follows:
- First, the information is gathered by targeting third-party vendors to understand the mechanics of their transactions.
- Then, initial compromise takes place, followed by internal reconnaissance and a pivot to the victim servers used for SWIFT transactions.
- Finally, the funds are transferred or stolen.
- This group does not stop there. They remove all the evidence that might help the authorities trace back to them or know the exact way or methodology of the fraud.
FireEye addressed the threat the group poses to its targeted sector by stating, “APT38 is unique in that it is not afraid to aggressively destroy evidence or victim networks as part of its operations. This attitude toward destruction is probably a result of the group trying to not only cover its tracks but also to provide cover for money laundering operations.” The full 32-page report is here.
The U.S. Treasury Department last week sanctioned a Turkish company, two Turkish individuals, and a North Korean individual for violating UN sanctions on Pyongyang. These sanctions came just before Secretary of State Mike Pompeo’s fourth trip to North Korea in preparation for an anticipated second Trump-Kim summit.
Treasury targeted the Turkey-based company SIA Falcon International Group; the company’s chief executive officer, Huseyin Sahin; the company’s general manager, Erhan Culha; and North Korea’s economic and commercial counselor in Mongolia, Ri Song-Un. The sanctions were issued pursuant to Executive Order 13551, which restricts trade in arms and luxury goods with North Korea. UN Security Council Resolution 1718 from 2006 also prohibits member states from conducting such trade.
In a press release, Treasury noted that SIA Falcon operates in Latvia. In February 2018, Treasury’s Financial Crimes Enforcement Network (FinCEN) named ABLV Bank of Latvia an institution of primary money laundering concern. FinCEN noted that ABLV “institutionalized money laundering as a pillar of the bank’s business practices” and conducted illicit financial transactions for North Korean procurement or export of ballistic missiles. Treasury did not confirm, however, that SIA Falcon’s Latvian branch office used ABLV’s bank services.
Treasury’s latest sanctions came the same day as The Rodong Sinmun, a North Korean state-run newspaper, published an article lambasting U.S. sanctions policy. Just days earlier, North Korea’s foreign minister, Ri Yong Ho, implored the UN Security Council to lift sanctions in response to Pyongyang’s moves to freeze missile and nuclear testing and to destroy the Punggye-ri test facility. However, until North Korea agrees to denuclearization and a full declaration of Pyongyang’s nuclear weapons program, facilities, and capabilities, Washington has confirmed it will not ease sanctions pressure.
After Secretary Pompeo’s latest trip to North Korea, Pyongyang’s media outlets suggested U.S.-North Korea relations are improving. Of course, these latest designations, as well as ongoing U.S. diplomatic efforts to ensure international compliance with UN sanctions, could stir further tensions. Despite these risks, the sanctions send a useful message to Pyongyang that the Trump administration will not back down until the Kim regime meets its core demands. Hat tip: FDD.