North-Korean hackers, increasing Chinese intelligence presence in Nepal a fresh cause of worry for India

North Korean hackers who target banking systems and steal critical technology are suspected to be working for Chinese intelligence to target Indian systems, officials said.

  • Nepal, under the KP Oli Sharma government, is fast turning into a hub for staging operations by the State Security Bureau of China, Beijing’s intelligence army, and for North Korean cyber and money laundering operations.

Nepal, under the KP Oli Sharma government, is fast turning into a hub for staging operations by the State Security Bureau of China, Beijing’s intelligence army, and for North Korean cyber and money laundering operations, official sources said. North Korean hackers who target banking systems and steal critical technology are suspected to be working for Chinese intelligence to target Indian systems, officials said.

Officials pointed to hacking attempts that inject special computer programs like Icebug, Hidden Lynx (a professional advanced persistent threat using the program), and APT-12 into Indian systems. The Chinese and North Korean hackers have also been spying on India from Nepal for quite a long time. These hackers are also engaged in cybercrime and in hacking into bank cash machines in Nepal.

In 2019, the Nepal Police detained 122 Chinese nationals, who entered the country on tourist visas, for carrying out hacking attempts. Evidence suggests that North Korean groups have been found to be directly working for the North Korean Directorate General of Military Intelligence, which is also known as the Lazarus group or Hidden Cobra.

Lazarus, a North Korea-sponsored hacking group, hatched a plot to launch mass-scale ‘phishing’ attacks through fake emails designed as COVID-19 relief efforts. The targets of the ‘phishing’ attacks are countries like the US, UK, Japan, Singapore, South Korea and India, where the respective governments extended stimulus payments to deal with the COVID-19 pandemic.

“These phishing emails are designed to drive recipients to fake websites where they will be deceived into divulging personal and financial information,” said a security research firm, CYFIRMA, which has exposed the Lazarus Group’s plans.

A report published in Nepali media a few months ago also highlighted how a group of North Korean nationals operating illegal hacking from the busiest neighbourhood in the capital city of Kathmandu shows that Nepal’s homeland security could be under threat. It signifies an alarming crisis for Nepal’s security and for its compliance with its commitments to international forums like the UN. If the situation persists, it won’t be long before Nepal is branded a criminal hub.

According to the website, “a group of North Korean hackers has remained surreptitiously active in operating cyber espionage from Apartment No 16 ‘A’ of the Harmony Housing at Tokha, especially targeting banking and financial institutions across the world.” The report further mentions that the gang based itself at Harmony Housing in collaboration with some Nepali nationals. The principal objective was found to be targeting banks, financial institutions, and organizations, as well as retrieving sensitive information from different intelligence organizations. They supplied this data, facts, and information back to the North Korean government, which is under crippling economic sanctions.

US Government agencies have also sounded an alert about a North Korean hackers' group carrying out sophisticated cyber-enabled attacks on ATMs to rob banks and other financial institutions around the world. Most of these North Korean nationals operating from Nepal pose a great security threat to India. The main motive of these North Korean hacker groups is to collect money for the North Korean regime.

In an alert, the Cybersecurity and Infrastructure Security Agency (CISA), Treasury, FBI, and USCYBERCOM said, “The North Korean hackers' group BeagleBoyz have resumed their ATM cash-out campaigns that they have been conducting since 2015 with remarkable success. Money stolen by the cybercrime group is used by the North Korean regime to develop UN-prohibited nuclear weapons and ballistic missile programs.”