HP Warns of Growing North Korean Cyber Menace

North Korea poses an increasingly serious online threat to the US and its allies despite an ageing infrastructure and relative lack of resources, according to a new report from HP on the cyber capabilities of the Hermit Kingdom.

The 75-page report, Profiling an enigma: The mystery of North Korea’s cyber threat landscape, acknowledges that intelligence on the rogue state is limited, can be dated and – when it comes from South Korea – is often biased.

It also points out that the country’s electrical grid “cannot support a large technological infrastructure”; its email, internet and 3G services are limited and strictly controlled; and that it has “failed in its attempts at large-scale production of electronic components” in the light of international sanctions.

However, HP says that North Korea has still managed to maintain a “remarkable commitment to developing cyber warfare capabilities even as it copes with ageing infrastructure.”

“While one would expect the regime’s digital infrastructure to also suffer from aging or lack of resources, these factors do not take away from their technical abilities to wage cyber warfare,” it continues.

South Korean sources quoted by the report claim that North Korean operatives have penetrated US networks more frequently than hackers from any other country, while another source claimed in July this year that the country has trained as many as 5,900 personnel to carry out such missions.

“Cyber warfare is simply the modern chapter in North Korea’s long history of asymmetrical warfare,” the report says.

These capabilities are a more effective way to make up for a lack of traditional military power, while the country’s “air-gapped networks and prioritization of resources for military use provide both a secure and structured base of operations for cyber operations and a secure means of communications.”

The Kim Jong-un regime also uses a network of international operatives to launch attacks and steal data, the report says.

These include state-run businesses located in 30-40 countries around the world used for “espionage activities”.

State-sponsored cyber attacks are usually launched from cells based in China, the US, South Asia, Europe and South Korea to make attribution difficult, HP claims.

One group of ethnic North Koreans living in Japan, known as the Chongryon, is particularly critical, launching cyber attacks and stealing money via online game fraud.

The regime has been responsible not only for mass cyber attacks such as the Dark Seoul campaign, which wreaked havoc on South Korean banks and broadcasters last year, but also for “psychological operations,” or PSYOP tactics, such as internet trolling of South Korean forums and message boards.

“We should not overestimate the regime’s advanced cyber capability, yet we should never underestimate the potential impact of North Korea utilizing less advanced, quick-and-dirty tactics like DDoS to cripple their high-tech targets,” the report concludes.

“Both government and corporate entities are susceptible to being targeted by North Korean cyber attacks.”
