
North Korean hackers are skimming US and European shoppers

July 7, 2020

North Korean state-sponsored hackers are implicated in the interception of online payments from American and European shoppers, Sansec research shows.

Hackers associated with the APT Lazarus/HIDDEN COBRA group were found to be breaking into online stores of large US retailers and planting payment skimmers as early as May 2019, says the Sansec Threat Research Team. "Previously, North Korean hacking activity was mostly restricted to banks and South Korean crypto markets, covert cyber operations that earned hackers $2 billion, according to a 2019 United Nations report. As Sansec’s new research shows, they have now extended their portfolio with the profitable crime of digital skimming," says the research team. 

Sansec researchers have attributed the activity to HIDDEN COBRA because infrastructure from previous operations was reused. Furthermore, distinctive patterns in the malware code were identified that linked multiple hacks to the same actor. 

Hank Schless, Senior Manager, Security Solutions at Lookout, a San Francisco, Calif.-based provider of mobile phishing solutions, explains: 

“Magecart-like skimming campaigns can be difficult to track and protect against. While it hasn’t yet been disclosed how the group was able to gain access to the infrastructure of certain retail sites, the majority of compromises begin with a phishing communication. Traditionally, this has been through email, but with a heavier reliance on mobile devices during the global shift to remote work, SMS, 3rd-party messaging apps, and social media platforms are being delivery surfaces for credential harvesting. 

Once a malicious individual or group has login credentials, they can quietly inject malicious code into the checkout page of a retail site. Much like a trojanized version of a legitimate mobile app, this is close to impossible for a consumer to spot, and if the retail organization doesn’t have proper security measures built in across all channels, they might not recognize the change in their code until it’s too late. 

Traditionally, seeing a state-sponsored group carry out a card skimming campaign might seem curious, especially if it was a wealthier nation. Magecart is far less complex than what the world is accustomed to seeing from nation-states and is usually carried out by individuals or smaller groups for incremental financial gain. However, North Korea is so heavily sanctioned and struggles economically, so it will clearly use whatever tactics it can to get access to funds. 

Code injection attacks like this are impossible for a consumer to see and incredibly difficult for an organization to spot if they don’t have the right security tools in place. Much like trojanizing a legitimate version of a mobile app, injecting malicious code into a webpage can be a cheap and easy way to grab a handful of valuable personal data. 

So, what does this say about the group's current TTPs and how they may have evolved over the years?

Lazarus Group has targeted financials for years with a past focus on institutions and online cryptocurrency exchanges. The addition of Magecart to their arsenal shows that they’re taking any measures possible to gain access to funds. By likely using phishing attacks to gain access to employee login credentials, it also shows that they are leveraging more parts of the risk landscape to covertly gain access to organizations’ infrastructure. Across the board, we're seeing governments take on more complex means to track and compromise civilians for various reasons, such as the Chinese government targeting the Uighur population through mobile devices and applications.

Organizations need to lock down every potential risk vector - from customer payment platforms to employee mobile devices. By the same token of giving up their credit card data, an employee could be phished for their login credentials from their mobile device and give a malicious actor access to highly sensitive data inside the corporate infrastructure. Whatever angle is taken, now is a time where IT and security teams must evaluate every possible threat vector that an attacker could take advantage of.”

Brandon Hoffman, CISO, Head of Security Strategy at Netenrich, a San Jose, Calif.-based provider of IT, cloud, and cybersecurity operations and services, notes:

“It is certainly not a surprise that nation-state activity would cross over into the realm of cybercrime. It has been discussed in the intelligence circles for years that the boundary between nation-state and cybercrime is becoming blurred. Nation-state actors have been re-purposing, buying, and using more mainstream cybercrime tools and services to obfuscate their activity. The fact that nation-state activity is now directly related to perpetrating attacks for financial gain is not a surprise because many of these countries need another source of funds to cover costs of teams and to fuel the real goals of nation-state hacking. Magecart activity may be the first but won’t be the last. From their perspective, if they have the tools and skills to perform advanced persistent threat activity, why wouldn’t they use it to fill the coffers as well?

To the second point, considering the history of Lazarus group, this shift to more transactional fraud activity makes sense. Back in 2018 a DOJ criminal complaint was unsealed that named one purported member of Lazarus group in activity related to stealing $81 million from a bank, the Sony attack, and even WannaCry ransomware. The fact that Lazarus group, purportedly, was involved in ransomware activity and bank fraud over the years speaks directly to the evolution of these TTPs as in line with the current cybercriminal landscape. I would expect them to keep pace with in-vogue methods and techniques of fraud and exercise their opportunity when they can.”
