www.theregister.com
104.18.4.22  Public Scan

URL: https://www.theregister.com/2024/02/15/north_korea_turns_to_designing/
Submission: On February 16 via api from TR — Scanned from DE

Text Content

CYBER-CRIME


NORTH KOREA RUNNING MALWARE-LADEN GAMBLING WEBSITES AS-A-SERVICE


$5K A MONTH FOR THE SITE. $3K FOR TECH SUPPORT. INFECTION WITH MALWARE AND
FUNDING A DESPOT? PRICELESS

Laura Dobberstein
Thu 15 Feb 2024 // 04:30 UTC




North Korea's latest money-making venture is the production and sale of gambling
websites that come pre-infected with malware, according to South Korea's
National Intelligence Service (NIS).

The Service on Wednesday identified South Korean cyber crime organizations as
buyers of the sites.

Reports allege that the North Korean faction responsible for this effort is an
IT organization affiliated with the hermit kingdom's secretive Office 39 known
as "Gyeongheung."



Office 39 sits within the ruling Workers' Party of Korea. It's believed by many –
including the US Department of the Treasury – to be a revenue-generating machine
for the country, providing foreign currency and slush funds for North Korea's
leaders through both legal and illegal activities.




Whoever runs the scam, the NIS believes they've made billions of dollars in
profit.

The websites are rented at around $5,000 apiece per month. For an extra $3,000
per month, North Korea throws in tech support.



Local media report that an additional $2,000 to $5,000 might be granted if the
website can gather a significant volume of bank account details from the PayPal
accounts of Chinese nationals.

Furthermore, NIS reported that the websites it has investigated contained
malicious code in a feature that made automatic bets. The threat actors use the
code to steal the personal information of gamblers, and have attempted to sell
approximately 1,100 pieces of personal data pertaining to South Korean citizens.

To circumvent UN sanctions that prohibit hiring North Korean workers, the group
building the sites posed as Chinese IT workers. They forged Chinese
identification cards and stole relevant career credentials. To hide their
tracks, the gang remitted money using bank accounts established using Chinese
names and borrowed South Korean cyber gambling gang accounts.

Some clients, however, evidently didn't mind that the operatives were under
sanctions and knowingly maintained business with the North Koreans – lured by
low cost and the ease of using a common language, according to a media report
shared by NIS.

Gyeongheung is based in the Sino-Korean border town of Dandong, which is also a
hotspot for China's apparel industry since North Korean workers are willing to
work for low wages.



According to NIS, North Korean IT workers raising money illegally in the area
blend right in. ®
