Three hackers from a North Korean cyber intelligence agency were found to have been the masterminds behind a 2019 attack on Malta, attempting a €13 million heist on the Bank of Valletta (BOV).
Nigerian influencer Ramon Abbas, aka Hush Puppi, and his accomplice Ghaleb Alaumary were alleged to have conspired with the Lazarus Group, a cybercrime collective with ties to the North Korean government. The Lazarus Group had successfully masterminded attacks on Sony Pictures and the Bangladesh Bank, and released the WannaCry ransomware. The group’s cybercrime efforts have allegedly been used to fund North Korea’s nuclear program.
Malta was seen as an easy target for their next attack, but instead contributed to the group’s downfall.
Court documents from the US trial quote a suspect, Alaumary, as discussing the monitoring capabilities of the Maltese bank, believing it would be an easy target to attack, with the money then siphoned off to Romanian banks. The hackers targeted BOV’s SWIFT messaging system, enabling them to send the money to bank accounts they controlled.
“If they don’t notice, we keep pumping,” Alaumary said, according to the charging document. “We still have access and they didn’t realize, we gonna shoot again tomoro am [sic].”
However, the Maltese bank cut off that access before the gang could fully execute their plan. Alaumary looted only a fraction of what he had tried to steal and lamented “[too] bad they caught on or it would [have] been a nice payout.”

If not for the vigilant and quick actions of bank staff, who identified discrepancies at the start of business when the reconciliation of international transactions threw up inaccuracies, the attack would have been successful. Within 30 minutes of discovering the attack, BOV decided to shut down its systems. It was confirmed by the Malta Security Services that BOV had been the victim of a cyber-attack.
Using a simple but daring approach, the group had broken into the systems of a financier in France and posed as the French stock market regulator to contact entities in Malta and France. They sent authentic-looking emails with letterheads and a fake document that granted them access to the banks’ systems. They then transferred huge sums of money to banks in the UK, US, Czech Republic, and Hong Kong.
And why was Malta attacked by North Korea? As explained in the BBC podcast The Lazarus Heist, the North Korean government had recruited hackers into an elite unit to plunder banks around the world as a means of financing the North Korean government. Malta’s perceived vulnerability and its membership of the EU meant it could be a gateway into the European financial system, allowing the hackers to gather and launder vast sums of money.
The group stole and extorted more than $1.3 billion (€1.07 billion) of money and cryptocurrency from financial institutions and companies across the globe, including BOV. Abbas was charged with money laundering, including the BOV heist. Both Abbas and Alaumary were sentenced to 11 years in the US for the crime.
If it wasn’t for the quick actions of the Maltese, Hush Puppi may have continued the large-scale fraud, helping to bankroll the North Koreans’ nuclear program.
This article first appeared in The Maltese Journal edition 484
