North Korea is not known for technological sophistication. The country does not have any global technological franchises, such as Apple or Samsung, and its citizens continue to have limited access to any basic internet or smartphone apps.
However, the regime of Kim Jong Un has become increasingly adept at entering computer systems across the globe for the strategic benefit and financial gain.
According to statistics, North Korea‘s ‘cyber-soldiers’ have been linked to the stolen US-South Korean military plans, alleged theft of $60 million from a Taiwanese bank, and the collapse of the Seoul-based cryptocurrency exchange.
Even as the US begins to concentrate on the North Korean development of nuclear weapons, Kim Jong Un is attacking from the rear with aggressive NK hackers.
The North Korean nation has experienced limited access to the free flow of online information. The majority of citizens can view only a few websites within the country, but with close government and media agency monitoring.
A select few of these agencies have international access, but the activities are carefully monitored to avoid any unwanted interactions.
For several years, North Korea had a single link to the global internet via the state-owned China United New Communications corporation; however, it recently secured a second link via Russian telecommunications company in October 2017.
According to Fergus Hanson, the head of the International Cyber Policy Center at the Australian Strategic Policy Institute, North Korea currently employees an estimated 1,700 state-sponsored hackers to deal with online interactions.
Kim Jong Il, the father of current leader Kim Jong Un, was an early proponent of technology to be used as a form of modern weaponry.
The military worked on several methods for disrupting GPS systems and setting off electromagnetic pulses to obstruct computer capabilities in other countries.
It is thought that North Korea set up Unit 121 – an early cyber-warrior squad approximately twenty years ago as part of the NK’s military.
The unit started to draw attention to its existence in 2004 during allegations of alleged ‘tapping’ into South Korea’s military wireless communication and for testing malicious computer coding.
In 2011, South Korea arrested five hackers allegedly working as North Korean hackers for stealing several millions of dollars via an online game.
North Korea’s ‘cyber-warriors’ began to draw international attention during 2014 when headlines stated an alleged intrusion into the Sony Corporation’s film business.
Sony was preparing to release a movie starring Seth Rogen and James Franco called ‘The Interview’ – a comedy about meeting the leader of North Korea.
All efforts of the intrusion seemed to be the protection of Kim’s image and punishment of the studio.
Leaked documentation of the hack-damaged careers in Hollywood resulted in Sony having to compensate over $8 million in damages.
Once North Korea got publicly identified as the perpetrator, the NK government denied involvement and publicly declared the US as slandering them.
Despite several accusations being made of hacking attacks, North Korea continues to deny their involvement.
Currently, North Korea has improved the cyber attacks among rising tensions with the US and rest of the globe. In 2016, a hacking group associated with North Korea getting accused of the theft of $81 million from a central bank account in Bangladesh.
This hack resulted in the intrusion of over 300,000 computers and threatened the loss of data unless a ‘ransom’ was paid – typically, $300 in bitcoin within three days.
According to Europol, this is one of the most unprecedented hacks to date.
Despite the association with Lazarus, North Korean hackers have increased efforts to secure cryptocurrency, which could be used to avoid trade restrictions in recent sanctions approved by the UN.
South Korea is currently investigating the possible North Korean involvement of the cryptocurrency exchange eight months after the country hacked the target.
It was seen in October that a South Korean legal maker stated that Kim’s cyber-warriors stole military plans produced by South Korea in a case of armed conflict.
The plans included a classified section known as ‘decapitation strike, which was aimed at removing the North Korean leader. The lawmaker attacked the South Korean armed forces for allowing the breach in military enforcement causing a mistake in the service.
Rhee Cheol-hee agrees that he had worked with defense officials and they are not supposed to save such vital data on PC files.
A US military aide stated that, despite the alleged hack, the UK continues to place confidence in South Korea and their ability to deal with the challenges of North Korea. Some suspect that North Korea may ramp up money counterfeiting to also help fund the regime.
Believe it or not, the US has not been standing by as North Korea regains its connection to the internet. North Korea has restored an online relationship via Russia after China’s faltering strategy.
The link was reportedly distributed under a denial of service attack with a flood of data traffic being produced to overwhelm and obstruct computer systems in the US.
Meanwhile, US president Donald Trump has criticized the North Korean leader for this development of nuclear weapons stating that the US may use military force against the regime.
North Korea has, however, warned that nuclear war by occurring at any moment with South Korea and the UK being joined naval drills.
All hacking efforts appear to be continuing amidst the current political tensions.
North Korea’s hackers continue to push for valuable intelligence and harder currently, while traditional military forces engage with the chance of war.
While Lazarus may have been associated with the theft of $60 million from Taiwan’s Far Eastern International Bank, the malware used bore features of Lazarus and was an international highlight.
Ali Qamar is a privacy and cyber security enthusiast, his work has been featured in many major tech and security blogs including InfosecInstitute, Hackread, ValueWalk, Intego, and SecurityAffairs to name a few. He runs SpyAdvice.com currently. Follow Ali on Twitter @AliQammar57
(Security Affairs – North Korea, Information Warfare)