Washington has issued an advisory warning about North Korea’s (DPRK) ongoing cyber threat.
According to the statement,
“The DPRK’s malicious cyber activities threaten the United States and the broader international community and, in particular, pose a significant threat to the integrity and stability of the international financial system. […] The DPRK has increasingly relied on […] cybercrime to generate revenue for its weapons of mass destruction and ballistic missile programs. In particular, the United States is deeply concerned about North Korea’s malicious cyber activities, which the U.S. government refers to as HIDDEN COBRA.”
The warning outlined some common tactics the Pyongyang-sponsored cyber criminals use to gain funds. Sometimes, the target is not a national asset or an individual or a business, but a financial institution or a digital currency. The illicit gains are then laundered within North Korea.
Despite its weak economy, The DPRK has the capability to conduct cyber activities that endanger both key national infrastructure for global goals, and private enterprises to illicitly profit from the hard work of others. The rogue nation has demonstrated a pattern of disruptive and harmful cyber activity that, according to the U.S. government, “[…] is wholly inconsistent with the growing international consensus on what constitutes responsible State behavior in cyberspace.”
Pyongyang’s state-sponsored cyber actors primarily consist of hackers, cryptologists, and software developers who conduct espionage, cyber-enabled theft targeting financial institutions and digital currency exchanges, and politically-motivated operations against foreign media companies. They develop and deploy a wide range of malware tools around the world to enable these activities and have grown increasingly sophisticated.
Extortion is a common tactic. The cyber crooks will threaten to disrupt or shut down entirely an organization’s valuable online presence unless money is paid. Occasionally, these arrangements are called “consulting contracts,” with the alleged services simply promising not to attack the business. It’s the 21st century of the old tactic of promising not to break a store window unless money is given to the vandal.
Another interesting approach is known as “cryptojacking.” That involves a scheme to compromise a victim machine and steal its computing resources to mine digital currency.
The attacks have been widespread, and have even included the U.S. government and the military.
The most famous cyber attacks include the 2014 assault on Sony Pictures, a 2016 attempt to steal a billion dollars from a Bangladesh bank, the infamous 2017 “Wannacry” virus that affected massive numbers of computers, including those used in private homes, and the 2016 “Fastcash” tactic which targeted ATMs in Asia and Africa.
There has been an international response. In December 2017, Australia, Canada, New Zealand, the United States, and the United Kingdom publicly attributed the WannaCry 2.0 ransomware attack to the DPRK and denounced its outrageous cyber activity. Denmark and Japan issued supporting statements for the joint denunciation of the destructive WannaCry 2.0 ransomware attack, which substantially affected hundreds of thousands of computers around the world in May of that year.
The FBI and other U.S. agencies have urged businesses and governments to strengthen their computer security, and to promptly report all attempts at theft and coercion by Pyongyang’s agents.
Washington has strongly urged countries to strengthen network defense, shutter DPRK joint ventures in third countries, and expel foreign-located North Korean information technology (IT) workers in a manner consistent with applicable international law. A 2017 UN Security Council resolution required all Member States to repatriate DPRK nationals earning income abroad, including IT workers, by December 22, 2019. The Trump Administration has requested that governments around the world, and the private sector as well, to enhance their capacity to deal with this threat and participate in international efforts to protect cyberspace.
Frank Vernuccio serves as editor-in-chief of the New York Analysis of Policy & Government.