Nigeria has been listed among 18 countries where North Korean hackers have allegedly been attacking banks to get funds for sponsoring nuclear programme.
Cyber security firm Kaspersky disclosed this in a new report, said this could be regarded as the biggest bank heists in history.
The finding comes after more than a year-long investigation into the activity of Lazarus, a hacking group allegedly responsible for the theft of $81 million in US currency from the Central Bank of Bangladesh last year.
The suggestion that North Korea could have been behind the attack, or at least involved, has added to concerns that the Hermit Kingdom is becoming more bold it its cyber attacks against global financial institutions.
And the massive amounts of stolen money North Korea pilfers is likely being spent on advancing its development of nuclear weapons, two international security experts told CNN.
“This is all for their nuclear weapons and missile programs. They need this money for building and researching more ballistic missiles,” said Anthony Ruggiero, a senior fellow for Foundation for Defense of Democracies who specialises in North Korea.
The US has long been suspicious of the ties the Moscow-based company has to Russia but on the surface Kaspersky Lab is one of the world’s leading cybersecurity and antivirus firms.
The company’s report — which it presented this week at a cybersecurity conference in the Caribbean — claims it found evidence of the same hacking operation launching attacks on financial institutions in Costa Rica, Ethiopia, Gabon, India, Indonesia, Iraq, Kenya, Malaysia, Nigeria, Poland, Taiwan, Thailand, and Uruguay.
When Sony got hacked in 2014 as the company was preparing to release a Hollywood comedy satirising North Korea’s leader, the resulting FBI investigation pointed the finger at North Korea with clues reportedly leading to the Lazarus hackers.
A year earlier, the networks of three South Korean banks and its two largest broadcasters were hacked and blame was also placed on the country’s antagonistic neighbour to the north.
According to security experts, North Korea has focused its known cybercrimes almost entirely on financial institutions in recent years.
Kaspersky Lab implicated the country in the heist of the Bangladesh Central Bank by uncovering a momentary connection with a rare IP address emanating from North Korea.
“The first connections made on the day of configuration were coming from a few VPN/proxy servers indicating a testing period for the C&C (command and control) server; however, there was one short connection on that day which was coming from a very rare IP address range in North Korea,” the report said.
“This was another artefact pointing at a possible origin of the Lazarus group or at least some of its members.”
But in the murky world of cyber crime, it can often be all but impossible to determine exactly who is responsible for a given attack.
The North Korean government has reportedly denied allegations of the hack.
Kaspersky Lab itself has said that despite the evidence of the North Korean IP address, that “is not enough proof to provide definitive attribution given that the connection session could have been a false flag operation.”