North Korea running malware-laden gambling websites as-a-service

$5k a month for the site. $3k for tech support. Infection with malware and funding a despot? Priceless

North Korea's latest money-making venture is the production and sale of gambling websites that come pre-infected with malware, according to South Korea's National Intelligence Service (NIS).

The Service on Wednesday identified South Korean cyber crime organizations as buyers of the sites.

Reports allege that the North Korean faction responsible for this effort is an IT organization affiliated with the hermit kingdom's secretive Office 39 known as "Gyeongheung."

Office 39 sits within the ruling Workers Party of Korea. It's believed by many – including the US Department of Treasury – to be a revenue-generating machine of the country, providing foreign currency and slush funds for the North Korea's leaders through both legal and illegal activities.

Whoever runs the scam, the NIS believes they've made billions of dollars in profit.

The websites are rented at around $5,000 a piece per month. For an extra $3,000 per month North Korea throws in tech support.

Local media report that an additional $2000 to $5000 might be granted if the website can gather a significant volume of bank account details from the PayPal accounts of Chinese nationals.

Furthermore, NIS reported that the websites it has investigated contained malicious code in a feature that made automatic bets. The threat actors use the code to steal the personal information of gamblers, and have attempted to sell approximately 1,100 pieces of personal data pertaining to South Korean citizens.

To circumvent UN sanctions that prohibit hiring North Korean workers, the group building the sites posed as Chinese IT workers. They forged Chinese identification cards and stole relevant career credentials. To hide their tracks, the gang remitted money using bank accounts established using Chinese names and borrowed South Korean cyber gambling gang accounts.

Some clients, however, evidently didn't mind that the operatives were under sanctions and knowingly maintained business with the North Koreans – lured by low cost and the ease of using a common language, according to a media report shared by NIS.

Gyeonghueng is based in the Sino-Korean border town Dandong, which is also a hotspot for China's apparel industry since North Korean workers are willing to work for low wages.

According to NIS, North Korean IT workers raising money illegally in the area blend right in. ®

More about

TIP US OFF

Send us news


Other stories you might like