OpsLens

The United Nations Panel in Charge of North Korean Sanctions Has Been Hacked

While North Korea denies any involvement, information is starting to point to a possible cyber attack by Pyongyang.

IT and security experts at the UN are investigating a “sustained” cyber-attack by unknown hackers with “very detailed insight” into the work of the group responsible for monitoring violations of sanctions on North Korea.  This was reported in an email warning seen by Reuters on Monday.

A spokesman for the Italian mission to the United Nations, which chairs the 1718 sanctions committee, said a member of the panel of experts had been hacked.

The chair of the panel of experts wrote in an email to U.N. officials and the U.N. Security Council’s North Korea sanctions committee, known as the 1718 committee, that they had been the subject of a cyber attack.  The hackers breached the computer of one of the experts on May 8.

The email said, “As a number of 1718 committee members were targeted in a similar fashion in 2016, I am writing to you all to alert you to this heightened risk,” the chair of the panel of experts wrote, describing the attack as part of a “sustained cyber campaign.”

“The zip file was sent with a highly personalized message which shows the hackers have very detailed insight into the panel’s current investigations structure and working methods.”

North Korea’s deputy United Nations envoy said on Friday “it is ridiculous” to link Pyongyang with the hacking of the U.N. panel of experts or the WannaCry “ransomware” cyber attack that started to sweep around the globe more than a week ago.

But, cyber security researchers have found technical evidence they said could link North Korea with the WannaCry attack.  Experts at the global cyber-security firm Symantec found that earlier versions of the ransomware known as WannaCry were found on computers that also bore evidence of the cyber tools used against Sony Pictures Entertainment, as well as banks in Poland and Bangladesh’s central bank attacks that all were linked to North Korea.

Also, a researcher at Google singled out an identical code used both in the ransomware and used by the Lazarus Group, a team of hackers tied to North Korea, noted Symantec.

North Korea’s main spy agency has a special cell called Unit 180 that is likely to have launched some of its most daring and successful cyber attacks, according to defectors, officials and Internet security experts.

The U.N. Security Council first imposed sanctions on North Korea in 2006 and has strengthened the measures in response to the country’s repeated violations, nuclear weapon tests, and long-range rocket launches.  Pyongyang is threatening a sixth nuclear test.

The U.N. is currently investigating the cyber attack on the 1718 Committee and has issued the following statement:  “Increased vigilance relating to 1718 Committee-related correspondence is therefore advised until data analysis, and related investigations are completed.”