Whenever I hear about hackers in North Korea I always wonder how they could support a sophisticated info sec agency with advanced capabilities. I guess I just assumed there isn’t really a thriving tech community in NK from which to recruit.
I honestly don’t know, maybe this attack is as simple as tricking a maintainer into merging a sketchy commit, and not that sophisticated?
Or do they “purchase capability” from supporters like China or Russia?
This attack does seem to be on the simpler side technically.
NK recruits their hackers straight from the elite-ish high schools, trains them in computer science, and send them abroad with the objective to earn money through any technical means. How exactly they do it is pretty much up to them.
I can highly recommend the podcast “The Lazarus Heist” if you want to know more about NKs state hacking ventures: http://www.bbc.co.uk/programmes/w13xtvg9
RSS address: https://podcasts.files.bbci.co.uk/w13xtvg9.rss