Namibia fingered in spy probe
American cybersecurity company McAfee revealed this past weekend that its experts, who are on the trail of North Korea's Operation Sharpshooter, had uncovered that Windhoek IP addresses had been used in global cyber-attacks.
Sharpshooter is a cyber-espionage operation by a North Korean group calling itself Lazarus, which is reportedly backed by that country's government.
The group is also known as Hidden Cobra and Guardians of Peace and has been linked to a cyber-attack in 2014 on Sony Pictures, one in 2016 on Swift banking services and a WannaCry attack in 2017 in which cybercriminals demanded a ransom to release the data of targeted companies.
America's Federal Bureau of Investigation (FBI) last year accused North Korean computer programmer Park Jin Hyok of cyber-attacks and linked him to the Lazarus group.
McAfee analysts that deal with advanced threats revealed in December last year that 80 organisations in the telecommunications and energy sectors, as well as governments and militaries have been targeted.
The United States, Switzerland and Israel were at that stage in Lazarus's sights.
Raj Samani, a chief scientist at McAfee, said the command and control code, as well as the data of the server used in the cyber-attacks, had revealed new information about how the attackers had developed and used control infrastructure to spread computer virus programmes.
The data was supplied to McAfee by a government institution for analysis.
One of the findings was that Sharpshooter had started early in September 2017 with cyber-attacks and had targeted more countries than originally thought.
McAfee senior chief engineer Christiaan Beek said getting access to the command and control code of the attackers was an exceptional opportunity.
“It supplied information about the infrastructure used in the cyber-attacks. The data is usually confiscated by law enforcement and is seldom available to private analysts,” he said.
“These attacks started a year earlier than previously thought and now focus primarily on financial institutions, governments and critical infrastructure. The latest attacks were mainly on Germany, Turkey, Britain and the US.”
Windhoek links
McAfee said further that the cybercrimes can be traced back to “IP addresses in Windhoek”.
“This is why McAfee Advanced Threat Research analysts suspect the attackers behind Sharpshooter had tested their implanting and other techniques in this part of the world, before they launched a broader campaign of attacks,” a statement said.
An IP or internet protocol address is a unique number similar to a telephone number that computers use to send information across the internet to other computers.
Andrew Fordred, a cyber-expert and former intelligence officer in in the South African police, said the attacks, which implanted computer viruses using Trojan malware, could have taken place outside Namibia.
“They could have done it outside Namibia and the victims whose IP addresses were used were probably not aware of it.
“It's also possible that the IP addresses were used in the test phase, before wider attacks were launched against the United States,” Fordred said.
Ties
Pressure mounted on Namibia during 2015 and 2016 over North Korean company Mansudae Overseas Projects (MOP) being active in construction projects in the country.
The United Nations panel monitoring the Security Council's sanctions against North Korea reported in 2016 that Mansudae was a front for weapons firm Korea Mining Development Trading Corporation (KOMID) and that Namibia was in violation of the sanctions.
Mansudae was registered in Namibia in 2004 as MOP Architectural & Technical Services (Namibia) and raked in huge building contracts, including government's State House project.
Hugh Griffiths, the coordinator of the UN panel, said in 2017 in an interview with CNN they were waiting for more than a year for written and documentary proof that the North Koreans had left Namibia.
Diplomatic sources said in October 2017 there was no reason to doubt the Namibian government's word that the North Koreans had withdrawn earlier that year.
RONELLE RADEMEYER
Sharpshooter is a cyber-espionage operation by a North Korean group calling itself Lazarus, which is reportedly backed by that country's government.
The group is also known as Hidden Cobra and Guardians of Peace and has been linked to a cyber-attack in 2014 on Sony Pictures, one in 2016 on Swift banking services and a WannaCry attack in 2017 in which cybercriminals demanded a ransom to release the data of targeted companies.
America's Federal Bureau of Investigation (FBI) last year accused North Korean computer programmer Park Jin Hyok of cyber-attacks and linked him to the Lazarus group.
McAfee analysts that deal with advanced threats revealed in December last year that 80 organisations in the telecommunications and energy sectors, as well as governments and militaries have been targeted.
The United States, Switzerland and Israel were at that stage in Lazarus's sights.
Raj Samani, a chief scientist at McAfee, said the command and control code, as well as the data of the server used in the cyber-attacks, had revealed new information about how the attackers had developed and used control infrastructure to spread computer virus programmes.
The data was supplied to McAfee by a government institution for analysis.
One of the findings was that Sharpshooter had started early in September 2017 with cyber-attacks and had targeted more countries than originally thought.
McAfee senior chief engineer Christiaan Beek said getting access to the command and control code of the attackers was an exceptional opportunity.
“It supplied information about the infrastructure used in the cyber-attacks. The data is usually confiscated by law enforcement and is seldom available to private analysts,” he said.
“These attacks started a year earlier than previously thought and now focus primarily on financial institutions, governments and critical infrastructure. The latest attacks were mainly on Germany, Turkey, Britain and the US.”
Windhoek links
McAfee said further that the cybercrimes can be traced back to “IP addresses in Windhoek”.
“This is why McAfee Advanced Threat Research analysts suspect the attackers behind Sharpshooter had tested their implanting and other techniques in this part of the world, before they launched a broader campaign of attacks,” a statement said.
An IP or internet protocol address is a unique number similar to a telephone number that computers use to send information across the internet to other computers.
Andrew Fordred, a cyber-expert and former intelligence officer in in the South African police, said the attacks, which implanted computer viruses using Trojan malware, could have taken place outside Namibia.
“They could have done it outside Namibia and the victims whose IP addresses were used were probably not aware of it.
“It's also possible that the IP addresses were used in the test phase, before wider attacks were launched against the United States,” Fordred said.
Ties
Pressure mounted on Namibia during 2015 and 2016 over North Korean company Mansudae Overseas Projects (MOP) being active in construction projects in the country.
The United Nations panel monitoring the Security Council's sanctions against North Korea reported in 2016 that Mansudae was a front for weapons firm Korea Mining Development Trading Corporation (KOMID) and that Namibia was in violation of the sanctions.
Mansudae was registered in Namibia in 2004 as MOP Architectural & Technical Services (Namibia) and raked in huge building contracts, including government's State House project.
Hugh Griffiths, the coordinator of the UN panel, said in 2017 in an interview with CNN they were waiting for more than a year for written and documentary proof that the North Koreans had left Namibia.
Diplomatic sources said in October 2017 there was no reason to doubt the Namibian government's word that the North Koreans had withdrawn earlier that year.
RONELLE RADEMEYER
Comments
Namibian Sun
No comments have been left on this article