July 28, 2020 | Policy Brief

Report Shows North Korean Cybercriminals Now Target Online Shoppers

A new report by cybersecurity company SanSec indicates that North Korean state-sponsored hackers are diversifying their cybercrime operations, focusing on new targets beyond banks and cryptocurrency exchanges. SanSec’s report reveals North Korean hackers are gaining a firm foothold in a new criminal enterprise exploiting online retailers and shoppers.

SanSec, a Dutch cybersecurity company, analyzed a series of North Korean cyberattacks that began in May 2019, in which hackers stole customers’ credit card information from online retail stores by intercepting the information during checkout. This type of attack is known as a “Magecart,” or “digital skimming,” scheme. Willem de Groot, a SanSec analyst, said that hackers sell this stolen credit card information on various dark web forums to make a profit. The SanSec report did not disclose the total amount of data stolen or the total profits North Korea collected.

This is the first time North Korean hackers have been linked to a Magecart scheme. Until now, North Korea has prioritized stealing from banks and cryptocurrency exchanges. A UN Panel of Experts report in 2019 revealed that Pyongyang stole hundreds of billions of dollars through cyber means. However, extensive and detailed reporting on North Korean cyber activity from the UN Panel, the U.S. government, and cybersecurity companies has better prepared potential targets for future attacks. This heightened public scrutiny could be forcing North Korean hackers to seek out new victims.

As tensions persist between Washington and Pyongyang, North Korean cyber activity is likely to endure. The United States and allied governments should prepare for future attacks by updating technical advisories and threat alerts on North Korean cyber operations. The U.S. Cybersecurity and Infrastructure Security Agency provides these vital reports to inform the most vulnerable public and private sector targets of the threat and how best to protect themselves.

Overall, North Korea relies on cybercrime as a means to dodge economic sanctions and raise funds for the regime. If Washington seeks to maintain sanctions pressure, it should provide detailed information to the private sector on the tactics, techniques, and procedures of North Korean hackers.

Mathew Ha is a research analyst focused on North Korea at the Foundation for Defense of Democracies (FDD), where he also contributes to FDD’s Center on Cyber and Technology Innovation (CCTI). FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.
