Fiji IT Specialists Learn to Counter North Korean Hackers

SUVA – From March 24 through April 1, 37 cybersecurity professionals from Fiji’s private financial institutions, telecom companies, the Reserve Bank of Fiji, the Financial Intelligence Unit, and government ministries attended a virtual workshop on the latest trends on North Korea’s offensive hacking techniques. According to the United Nations, North Korea repeatedly targets Fiji with cyber-attacks to gain access to currency and launder money in violation of international sanctions.

The workshop examined the tactics and techniques of Democratic People’s Republic of Korea (DPRK) hackers who attempt to steal funds for DPRK’s weapons of mass destruction program. The training was organized by the U.S. Embassy in Suva, the U.S. State Department’s Office of Cooperative Threat Reduction, the U.S.-based international training nonprofit CRDF Global, and the Australian tech firm Internet 2.0.

“The United States is grateful for the cooperation of Fiji’s IT specialists in addressing these serious threats posed by North Korean hackers,” said U.S. Embassy Chargé d’Affaires Tony Greubel. “We are all working together to end the threat to international peace and security posed by North Korea’s nuclear weapons and ballistic missile programs.”

Attendees examined the DPRK’s use of open-source intelligence to conduct reconnaissance on financial institutions before launching attacks on financial sector employees, supply chain security threats, and cyberattacks targeting SWIFT banking systems. Participants also learned best practices for cybersecurity management, incident response, and public information campaigns during ransomware attacks and data breaches. Finally, using a virtual training environment, the series also gave participants the opportunity to practice threat hunting to identify, monitor, and respond to security breaches of their networks firsthand.

Training modules included:
• Latest case studies on DPRK cyberattacks in the region and around the world.
• Common system vulnerabilities and institutional cybersecurity best practices.
• Threat intelligence, threat hunting, and incident response.
• Cyber security and how it relates to financial services and the SWIFT platform.