North Korea has been accused of hacking numerous banks throughout Latin America.
According to CyberScoop‘s Chris Bing, three sources with knowledge of the matter say digital breadcrumbs left behind by the hackers point to Pyongyang.
While several of the breaches have yet to become publicly known, previous reports indicate that banks in Mexico and Chile were among those targeted.
“Several high profile incidents that were only recently disclosed, including breaches at Mexico’s Bancomext and Chile’s Bank of Chile, saw the attacker drop destructive malware after attempting to leverage the SWIFT payment system to siphon money through fraudulent transfer requests,” Bing writes.
The recent hacking operations are believed to have netted the North Korean regime more than $15 million.
Alongside Latin America, the North Korean hackers are said to be increasing attacks against financial targets in Eastern Europe and Southeast Asia as well.
Bing notes that investigators have found “shared malware variants between the multiple incidents,” including “MBR Killer” and “Bootwreck/killdisk.”
While MBR Killer was first linked to a Russian cybercrime gang several years ago, North Korea is believed to have begun using the tool after its code was published online in an attempt to misdirect researchers.
“This is not the first time North Korean hackers have attempt to disguise their tracks through the use of either ‘false flags’ or open-source hacking tools,” Bing adds. “However, Pyongyang’s penchant for destructive malware appears to be more novel.”
The suspected North Korean hackers are also said to have targeted the banks directly as opposed to their customers.
While Pyongyang’s hackers are believed to focus heavily on the financial institutions, a recent report from cybersecurity firm McAfee said North Korea has increased its reconnaissance against other industries including critical infrastructure, entertainment, health care, and telecommunications in 17 countries, including the U.S.
Two South Korean cybersecurity experts said last week that despite attempts at diplomacy from Washington and Seoul, North Korea appears to be continuing its hacking operations.