North Korea is reported to have recently diversified its revenue streams through technological means, specifically by creating gambling websites. The initiative is a bid to circumvent economic sanctions and to embed malware for cyberespionage in neighboring South Korea.

Diving into Details

The operation, attributed to North Korea’s covert Office 39, is intricately designed to infiltrate South Korean cybercrime groups.
  • By providing these groups with gambling platforms, North Korea leverages this avenue to siphon off funds and gather sensitive information, thereby breaching international cybersecurity boundaries.
  • The websites are rented out at about $5,000 apiece per month, and buyers can receive tech support for an extra $3,000.
  • If the website can collect a large number of bank account details from the PayPal accounts of Chinese nationals, it might receive an extra $2,000 to $5,000.

Attack tactic

  • The group constructing the websites pretended to be Chinese IT workers in order to bypass UN sanctions prohibiting the employment of North Korean workers.
  • They created fake Chinese ID cards, obtained career credentials, and used Chinese names to set up bank accounts to conceal their activities. Additionally, they utilized accounts associated with South Korean cyber gambling groups.

Why this matters

  • The strategy underscores a dual-purpose approach: revenue generation and intelligence gathering. 
  • South Korea's National Intelligence Service (NIS) stated that the websites it examined had malicious code in a feature that enabled automatic betting.
  • The perpetrators utilized this code to steal the personal information of gamblers and tried to sell about 1,100 pieces of personal data related to South Korean citizens.

The bottom line

North Korea's pivot towards designing malware-embedded gambling websites is a testament to the regime's innovative approaches to overcoming economic hurdles. To mitigate such threats, increased international cooperation and robust cybersecurity measures are imperative.
Cyware Publisher