2015-12
In December 2015, attackers stole about $16 million from a Guatemalan financial institution. Carnegie’s financial-sector timeline and UN Panel reporting identify the case as a high-confidence DPRK-affiliated financial theft, but the linked evidence does n…
🇬🇹 Guatemala
#Finance
#FinancialGain
2015-05
Vietnam’s Tien Phong Bank reported an attempted theft of more than EUR 1 million through fraudulent SWIFT messages in 2015. Linked financial-incident and UN Panel reporting place the case within the broader DPRK/Lazarus-associated pattern of SWIFT-enabled…
🇻🇳 Viet Nam
#Finance
#SWIFT
#FinancialGain
2015-01
In January 2015, Ecuador’s Banco del Austro lost about $12 million after attackers used compromised payment systems to send fraudulent SWIFT transfers, routing much of the money to companies in Hong Kong. Carnegie reporting says the bank recovered about $…
🇪🇨 Ecuador
#Finance
#FinancialGain
2014-12
The KHNP incident combined destructive-malware emails, compromised KHNP-related mail accounts, stolen employee, retiree, and contractor documents, public leak-and-shutdown threats, and limited host impact rather than disruption of nuclear plant operations…
🇰🇷 Korea, Republic of
#DataBreach
#Espionage
#Utility
2014-12
The Sony Pictures Entertainment attack involved Lazarus-linked Blockbuster malware with dropper, proxy, cleanup, credential-based lateral movement, C2 log reporting, and destructive disk/file wiping components. Evidence from Operation Blockbuster connecte…
🇺🇸 United States
#Destruction
#Entertainment
2014-07
Seoul Metro reported a multi-month compromise of office PC management infrastructure for subway lines 1 through 4, affecting 58 infected PCs, abnormal access involving 213 PCs, and loss of control over PC management and webzine servers. Investigators said…
🇰🇷 Korea, Republic of
#Transportation
#Espionage
2013-06
The June 25, 2013 cyberattack wave targeted South Korean government, political, military, and media-related sites with DDoS, outages, defacements, data exposure, and destructive malware timed to the Korean War anniversary. Technical evidence included comp…
🇰🇷 Korea, Republic of
#Government
#Destruction
2013-03
The “Whois Team” attacks against South Korean targets in March 2013 involved coordinated cyberattacks on banks and broadcasting companies, where systems were disrupted and in some cases rendered unusable, accompanied by website defacements and propaganda …
🇰🇷 Korea, Republic of
#Finance
#Media
#Destruction
2012-06
South Korean police attributed the June 2012 JoongAng Ilbo intrusion to North Korean-linked activity by an attacker using the alias IsOne after examining compromised newspaper production systems, logs, malware, and relay servers. The attacker prepared fro…
🇰🇷 Korea, Republic of
#Media
#Destruction
2011-04
The NH Nonghyup (National Agricultural Cooperative Federation) network paralysis incident occurred on April 12, 2011, when a cyberattack significantly damaged the network, disrupting services for several days. Initially thought to be an internal mishap, i…
🇰🇷 Korea, Republic of
#Finance
#Destruction
2011-03
In March 2011, South Korea and the United States experienced a series of DDoS (Distributed Denial of Service) attacks attributed to North Korea. These cyberattacks targeted various government, financial, and media websites, overloading them with traffic t…
🇰🇷 Korea, Republic of, 🇺🇸 United States
#Finance
#Government
#Destruction
2009-07
In July 2009, South Korea and the United States were targeted by a series of Distributed Denial of Service (DDoS) attacks, widely attributed to North Korean actors. These attacks involved overwhelming various websites and online services with excessive tr…
🇺🇸 United States, 🇰🇷 Korea, Republic of
#Finance
#Government
#Destruction