Home Security North Korean cyber attackers share code: McAfee

Security company McAfee says it has found previously undiscovered links among malware thought to originate in North Korea.

Months of research have revealed "connections between the many attacks attributed to North Korea" and allowed categorisation of "different tools used by specific teams of their cyber army", according to McAfee's Jay Rosenberg and Christiaan Beek.

According to the researchers, North Korea is involved in cyber crime to bring in foreign currency as well as "nationalist aims" such as intelligence gathering and disrupting rival states.

"We focused in our research on the larger-scale nationalism-motivated campaigns, in which we discovered many overlaps in code reuse. We are highly confident that nation-state–sponsored groups were active in these efforts," the two researchers said.

Analysis of thousands of samples revealed "a significant amount of code similarities between almost every one of the attacks associated with North Korea".

Many of those similarities had not been seen before, they claimed, and "some of these attacks and malware have not been linked to one another, at least publicly".

Some of this common code was found in malware dating from 2009 to 2017.

McAfee identified commonalities between the Dark Hotel attacks reported by Kaspersky in 2014 (but which had been going on for more than seven years) with malware attributed to North Korea.

"We clearly saw a lot of code reuse over the many years of cyber campaigns we examined. This indicates the North Koreans have groups with different skills and tools that execute their focused parts of cyber operations while also working in parallel when large campaigns require a mix of skills and tools."


With 50+ Speakers, 300+ senior data and analytics executives, over 3 exciting days you will indulge in all things data and analytics before leaving with strategic takeaways that will catapult you ahead on your journey

· CDAO Sydney is designed to bring together senior executives in data and analytics from progressive organisations
· Improve operations and services
· Future proof your organisation in this rapidly changing technological landscape
· CDAO Sydney 2-4 April 2019
· Don’t miss out! Register Today!
· Want to find out more? Download the Agenda



Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.


Popular News




Sponsored News