Experts working on United Nations to monitor violations of sanctions on North Korea were hit by a "sustained" cyber attack from an unknown source and gains access with a "very detailed insight" to their work.
According to an email sent by the chair of the panel of experts to U.N. Security Council committee that monitor sanctions on North Korea - known as 1718 committee - and U.N. officials, hackers were able to breach the computer of one of the experts on May 8.
The email, seen by Reuters, said that attackers sent a .zip file comprising a "highly personalized message" to one of the members of the investigatory group. The expert reportedly opened the .zip file that leads to installation of malware on the computer.
On May 10, the U.N. sanctions committee secretary sent a follow-up email to U.N. Security Council stating that the U.N. Office of Information and Communications Technology was already conducting an investigation about the compromised hard drive.
This is not the first attempt of attacking compromised device that monitors sanctions on North Korea. The chair of the panel of experts said that similar attack happened in 2016, though the attempt was unsuccessful. Now, committee chair cautioned that there is "heightened risk" of attack.
Meanwhile, North Korea has already denied any involvement in the attack. "It is ridiculous" to link the government of North Korea to the attack of the panel of experts monitoring sanctions, the North Korean UN Deputy Representative said.
The country also denied any association to WannaCry ransomware that hit roughly 300,000 machines in over 150 countries. But, the code used in the WannaCry attack - belongs to hacker group known as Shadow Brokers - shares the same code of malware linked to North Korea.
The code of WannaCry is "Contopee," a backdoor Trojan. This was employed by the North Korea-connected hacking organizations, Lazarus Group, to attack targets like Southeast Asia's financial institutions. The Lazarus Group is also said to be part of the 2014 attack on Sony Pictures that leaked unreleased films and confidential information.
The connection between Lazarus Group and WannaCry was identified by Google security researcher Neel Mehta. Security experts confirmed that two have similarities in code, but it does not mean that cyber attack is likely attributed to the same source.