A North Korean Cyber Espionage Group Was Active in SA – New Report
A new report on growing cybersecurity challenges has disclosed details of latest threat intelligence reports on South Africa, including the cybersecurity firm’s analysis of APT groups in the country – major threat actors hunting for sensitive information and finances.
According to Kaspersky, South Africa faced attacks from North Korean group Lazarus and Chinese speaking group CloudComputating throughout 2021. The cybersecurity firm notes that advanced persistent threats (APTs) are typically a nation-state or state-sponsored group of extremely stealthy high-level threat actors. In the vast majority of cases, they attack strategically important organisations with a goal of cyberespionage and, in rarer cases, financial gain, since the cost of their cyberattacks is usually too high to turn it into financial profit.
The Lazarus group has been one of the world’s most active threat actors since at least 2009, notable for their hunt for finances and their particular interest in cryptocurrencies. In 2021 Kaspersky detected their activity in South Africa.
Read also Ozone Builds a World of Cybersecurity Solutions for South African Businesses
“For the past three years, we saw a rapid decrease in cryptocurrency-related crime worldwide. However, in 2021, we saw cryptocurrency-related cybercrime booming on every level with the growth of bitcoins, especially in South Africa, says Maria Garnaeva, Senior Security Researcher at Kaspersky ICS CERT team.
“Generally speaking for the African region, the region has faced a number of complexities with aligning to Fiat money regulatory requirements, including the infrastructure, processes and capacity to regulate and govern fiat money and transactions originating in local markets. So, on one hand, cryptocurrencies present massive attractive opportunities for more inclusive accessibility of financial services – and particularly for the ‘unbanked’ population. On the other hand, however, this potential is just as attractive to cybercriminals and threat actors, and therefore we have seen a boom in interest in alternative funds – and mostly in cryptocurrencies.”
“Lazarus schemes often include the laundering of money into cryptocurrencies, and therefore we anticipate that countries in Africa might interest them in this way as well apart from ordinary cyber espionage operations,” Garnaeva adds.
Read also South African Fintech Firm, Crossfin, Acquired For $94.3m
CloudComputating, a Chinese speaking group, is another threat actor, detected in the region for the very first time, which has been focused on cyber-espionage attacks of governmental and diplomatic entities. Their presence is likely a result of increased economic activity in the region as well as trades across the Maritime Silk Road.
“Like any crime, cybercrime appears in the areas of the most rapid development, adds Garnaeva.
Read also Cellulant to Power Payments for ImaliPay’s Drive for Gig Workers’ Financial Inclusion
“The new actors in the region are merely reflecting the increased frequency and development of global communications and the growth of South Africa’s international agenda.
Kelechi Deca
Kelechi Deca has over two decades of media experience, he has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry