Threat actors linked to North Korea have been known to launch — in addition to espionage and destructive campaigns — financially-motivated attacks, including against cryptocurrency exchanges and banks. These profit-driven attacks are believed to have helped Pyongyang raise significant amounts of money.
Sansec believes North Korean hackers, tracked by many as Lazarus and Hidden Cobra, have also targeted online stores in Magecart-style attacks. The cybersecurity firm believes the threat actor has launched these types of skimming attacks since at least May 2019. The campaign has been linked to North Korea based on overlaps in infrastructure and malware code.