North Korean Cybersecurity Profile

February 7, 2018 | Travis Farral

North Korea, or more formally, the Democratic People’s Republic of North Korea (DPRK), is no stranger to international headlines. Most notably, it has captured attention in recent years for its nuclear testing and ballistic missile launches. Events in the cyber landscape have brought negative attention to North Korea as well. The United States officially blamed North Korea for the WannaCry attack last year as well as the destructive attack on Sony Pictures in 2014.

Much of the negative attention is not without merit. North Korea has developed a formidable cyber capability and has been tied to various financial attacks, cyber espionage, and destructive attacks in the recent past. South Korean organizations are a favorite target but attacks are not limited to South Korea. While attribution in these attacks is often far from conclusive, the choice of targets, likely attack motivations, and techniques and tools utilized tend to narrow the list of possible suspects.

With the upcoming 2018 Winter Olympics in PyeongChang, South Korea, suspicions have been raised around potential North Korean cyber activity, specifically espionage or financial theft. A recent agreement with South Korea regarding North Korean participation in the Olympics has lowered tensions. Despite this, cyber activity from North Korea remains a possibility.

For organizations, understanding various elements driving North Korea’s cyber activities provides insight into any risk exposure the organization may have coming from North Korea.

This includes details regarding suspected North Korean cyber attacks, such as:

  • Favored targets
  • Motivations
  • Specialized tools
  • Common techniques used
  • The geopolitical landscape affecting North Korea and the surrounding region

Gathering and consuming available open and closed source intelligence on suspected activity associated with North Korean actors helps provide key knowledge in each of these areas. Armed with as good an understanding as possible, organizations can create a strong and highly tailored analysis that highlights specific areas where there is elevated risk from North Korean attackers.

However, another, much darker possibility looms on the horizon. Recent concerns have been raised by U.S. officials around the possibility of North Korea soon having nuclear-armed missiles capable of hitting the United States. To preempt this capability, the U.S. may elect to execute a targeted military strike to knock down North Korea’s nuclear program. Such an attack may prompt a cyber response from North Korea. Entities in the United States, South Korea, or their allies could see potentially destructive attacks in retaliation. This is a possibility that should be taken seriously.

Anomali has produced a landscape report on North Korea to provide a high-level view of the country and its cyber capabilities. It is available for free download here.

About the Author

Travis Farral

Travis Farral is the Director of Security Strategy for Anomali. With over 20 years of security industry experience, he has developed a strong background in threat intelligence, incident response, and Industrial Control Systems security. Previously Travis ran the Cybersecurity Intelligence & Strategic Services team at ExxonMobil and spent several years at companies such as Nokia and XTO Energy.
