Back To Top

NK-associated hackers steal credit card information from online US retail stores: security firm


A North Korea-sponsored hacking group has been found to have stolen credit card information of American and European shoppers from online stores of US retailers for more than a year, a Dutch cyber security firm said.

Hackers associated with the "APT Lazarus/HIDDEN COBRA group" were implicated in breaking into the online stores through digital payment "skimming" from as early as May 2019, according to a report posted on the website of Sansec.

Digital skimming refers to a way to intercept information of credit cards during online store purchases by implanting a malware code. Its use has been growing among hackers in recent years and mostly dominated by Russian and Indonesian-speaking hacker groups, the security firm said.

"Previously, North Korean hacking activity was mostly restricted to banks and South Korean crypto markets, covert cyber operations," it said. "They have now extended their portfolio with the profitable crime of digital skimming."

Sansec attributed the activity to the North Korea-sponsored hacking group, saying that distinctive patterns in the malware code were identified that linked multiple hacks to the same actor.

The hacked retailers include such international fashion chain as Claire's, it said, though it did not disclose how much information has been stolen.

North Korea is known to have a large number of hackers who have been involved in cyberattacks aimed at stealing information and making money.

Last year, the US sanctioned three hacking groups it accused of carrying out cyberattacks to generate revenue for North Korea, most of the money presumed to flow into Pyongyang's nuclear and missile development programs. (Yonhap)