Why the North Korean cyber threat shouldn't be ignored

At the luxurious Capella Hotel on Sentosa, off the southern coast of Singapore, two of the world’s most divisive leaders will meet tomorrow in a historic summit. You might have heard about it. But while most of the discussion has been around Trump’s insistence that North Korea “de-nuke”, what about the DPRK’s cyber program?


How has North Korea become such a cyber threat?

The Korean peninsula (including South Korea) has risen to be “one of the top three geographies hosting DDoS botnet command and control services and being the originator of DDoS attacks worldwide,” according to Carl Herberger, Radware’s vice president of security solutions. The country’s cyber program goes back to the 80s/90s and cyber actors are reportedly trained from a young age. Threat intelligence and research firm Flashpoint has analyzed publicly released North Korean educational textbooks. The analysis revealed that programming is introduced in secondary school, with more advanced topics and information security principles being taught in tertiary programs. Javier Velazquez, threat intelligence analyst at EclecticIQ, explains that the education system is specifically designed to prepare top students for entry into specialized universities in the North Korean capital, Pyongyang.

For a long time, their priorities were very local, which allowed North Korean cyber actors to experiment and improve their skills without attracting too much attention from major cybersecurity companies. “It wasn't until Sony that the majority of the industry really started tracking the threat. By then, they had overcome most of the amateur mistakes,” says Ross Rustici, senior director of intelligence services at security specialist Cybereason.

The state-sponsored hacking program is highly advanced and covers three main areas: intelligence operations, destructive campaigns, and currency generation. “Their intelligence units are the best both in terms of operational security and the techniques they use,” says Rustici. The destructive group is the most well-known of the three, Rustici explains, being responsible for the attack against Sony and, the year before that, the media and banking attack in South Korea. “This group is good enough to get the job done but not overly advanced.” The final group is the most prolific and is responsible for generating money for the regime. Dabbling in “just about anything that can make money online”, the vast majority of these groups work outside of North Korea and are “well-resourced and thought out to have it achieve multiple aims”.

Kate Hoy

Kate Hoy is Editor of IDG Connect
