Article Details
Scrape Timestamp (UTC): 2024-02-15 04:36:55.855
Source: https://www.theregister.com/2024/02/15/north_korea_turns_to_designing/
Original Article Text
North Korea now running malware-laden gambling websites as-a-service

$5k a month for the site. $3k for tech support. Infection with malware and funding a despot? Priceless.

North Korea’s latest money-making venture is the production and sale of gambling websites that come pre-infected with malware, according to South Korea’s National Intelligence Service (NIS). The Service on Wednesday identified buyers of the sites as South Korean cybercrime organizations.

Reports allege that the North Korean faction responsible for this effort is an IT organization affiliated with the hermit kingdom’s secretive “Office 39”, aka “Gyeongheung”. Office 39 sits within the ruling Workers Party of Korea. It’s believed by many, including the US Department of Treasury, to be a revenue-generating machine of the country, providing foreign currency and slush funds for the country’s leaders through both legal and illegal activities.

Whoever ran the scam, the NIS believes they made billions of dollars in profit. The websites were rented at around $5,000 apiece per month. For an extra $3,000 per month North Korea threw in tech support. Local media reported that an additional $2000 to $5000 was granted if the website was able to gather a significant amount of bank account details from the PayPal accounts of Chinese nationals.

Furthermore, NIS detailed that the websites contained malicious code in a feature that made automatic bets. The threat actors used the code to steal the personal information of gamblers and later attempted to sell approximately 1,100 pieces of personal data describing South Korean citizens.

To circumvent UN sanctions that prohibit hiring North Korean workers, the group posed as Chinese IT workers. They forged Chinese identification cards and stole relevant career credentials. To hide their tracks, the gang remitted money using bank accounts established using Chinese names and borrowed South Korean cyber gambling gang accounts.

Some clients, however, did not mind that the operatives were under sanctions and knowingly maintained business with the North Koreans, lured by low cost and the ease of using a common language, according to a media report shared by NIS.

Gyeongheung is the IT organization affiliated with Office 39. The group is based in Sino-Korean border town Dandong, a town near the Chinese border. Dandong is also a hotspot for China’s apparel industry, as North Korean workers are willing to work for low wages. NIS said North Korean IT workers raising money illegally in the area therefore blend right in.

Daily Brief Summary
North Korea is allegedly operating a revenue-generating scheme that involves selling gambling websites pre-loaded with malware.
The operation is linked to the North Korean IT organization Gyeongheung, associated with the secretive "Office 39" of the ruling Workers Party of Korea.
South Korean cybercriminal groups have reportedly purchased these websites, which cost around $5,000 monthly, with an additional $3,000 for technical support.
The malicious code embedded in the websites' automatic betting features is designed to steal personal information from gamblers for subsequent sale.
The cyber operation was profitable, potentially earning billions for its operators, while also offering tech support and bonuses for collecting banking details of Chinese nationals.
To avoid UN sanctions, the North Korean IT workers posed as Chinese, using forged IDs and stolen professional credentials, and they laundered money through Chinese-named bank accounts.
Some clients did business with the sanctioned North Korean operators, enticed by low costs and language commonalities.
This activity not only compromises cybersecurity but also functions as a financial resource for North Korea, circumventing international sanctions.