By Nicole Perlroth
North Korean hackers who have targeted American and European businesses for 18 months kept up their attacks last week even as President Donald Trump was meeting with North Korea’s leader in Hanoi.
The attacks, which include efforts to hack into banks, utilities and oil and gas companies, began in 2017, according to researchers at cybersecurity company McAfee, a time when tensions between North Korea and the United States were flaring. But even though both sides have toned down their threats and begun nuclear disarmament talks, the attacks persist.
In 2017, Trump mocked Kim Jong Un as “rocket man” in a speech at the United Nations, while North Korea tested missiles capable of delivering a nuclear warhead to the United States. The attacks began soon after that. Though the two sides failed to reach an agreement last week, Trump struck a conciliatory tone toward his North Korean counterpart.
The revelation of North Korea’s most recent hacking activity adds new details to the tensions surrounding the summit last week, which ended abruptly without any deals. After their first meeting, 15 months earlier, North Korea had agreed to stop test-firing its missiles.
“For 15 months, they haven’t tested weapons because of this negotiation, but over those same 15 months they have not stopped their cyber activity,” said Victor Cha, Korea chairman at the Center for Strategic and International Studies in Washington.
With the help of an unnamed foreign law enforcement agency, the McAfee researchers gained access to one of the main computer servers used by the North Korean hackers.
The McAfee researchers said they watched, in real time, as the North Koreans attacked the computer networks of more than 100 companies in the United States and around the world. Last month, they expanded their targets to companies in Turkey.
“They are very, very, very active. It’s been nonstop,” said Raj Samani, McAfee’s chief scientist. “We’ve seen them hit in excess of 100 victims.”
The motive of the attacks was not clear. They were well-researched and highly focused and, in many cases, aimed at engineers and executives who had broad access to their companies’ computer networks and intellectual property.
McAfee would not name the targets of the attacks and said it would be alerting victims and government authorities Monday.