This article was originally published on The Australian
Democratic People’s Republic of Korea (DPRK) cyber adversaries represent some of the world’s most disruptive threat groups. They continue to grow in sophistication, leveraging cyber capabilities to conduct disruptive campaigns, cyber espionage and financially motivated activity to bolster the standing of the regime.
North Korea has figured out cyber warfare just as it did with nuclear weapons – test by test – creating teams, building capabilities and learning from active campaigns. Their capabilities have matured significantly and today, DPRK adversaries demonstrate a notably broad mission and a wide array of targets to support it.
While last week’s summit between Donald Trump and Kim Jong-un could be a positive first step towards the denuclearisation of the Korean Peninsula, many people still underestimate the threat that comes from North Korea’s activity in cyberspace.
CrowdStrike Intelligence assesses that cyber threats from the DPRK regime will persist as usual. The summit focused almost exclusively on denuclearization and stayed away from many other security concerns posed by the regime, most notably its criminal activities in cyberspace. Although an agreement on establishing new U.S.-DPRK relations was signed, neither party offered specifics as to how this goal would be achieved. The agreement also lacks any promises that would immediately incentivise the regime to abandon or considerably reduce its illegal cyber activities.
With this in mind, let’s take a look at key learnings and cyber operations that could follow.
A History of DPRK Cyber Capabilities
As a sophisticated nation-state adversary, North Korea has the capability to launch massive, advanced, and highly impactful cyber campaigns.
Their capability to do just that has become more evident over the last few years. North Korea has been publicly blamed for WannaCry, the world’s biggest ransomware cyberattack to date, which occurred in May 2017 and crippled organizations across the utilities, banking and healthcare sectors among many others.
In 2014, the FBI called out North Korea for sponsoring the Sony Pictures hack, which leaked confidential information about employees and unreleased films. It’s also been alleged that North Korea was responsible for the 2016 attack on the SWIFT banking system in Bangladesh, which resulted in an $18M heist against the Central Bank. The severity of WannaCry and other notable attacks globally exemplifies how debilitating North Korea’s attack capabilities can be.
Most notably, North Korea is one of the few nation-states that conducts cyber campaigns to fund its objectives and the needs of the regime.
North Korea Cyber Regime and Australia
In today’s environment of heightened geopolitical tensions, it could be argued that DPRK leadership is leveraging cyber operations as an asymmetric means to achieve policy goals. Australia is as prone to complex cyber-attacks as everyone else – gone is the belief that Australia’s location protects it from global cyberwarfare. Ties to the U.S. put Australia in the firing line for geopolitical threats.
Recent intelligence from CrowdStrike observed DPRK-based targeted intrusion activity throughout 2017 and 2018, with growing evidence that these adversaries engage in operations on an international scale, not only for the purposes of espionage but also to raise revenue for the Kim Jong-un regime or to activate disruptive capabilities.
While rising tensions have yet to lead to outright destructive cyberattacks targeting Australia, we can’t get complacent. Beyond government regulation like the International Cyber Engagement Strategy, Australia’s private sector can also play an important part in national security by enhancing defenses and changing their approach to cybersecurity. Organizations should embrace modern security solutions that leverage artificial intelligence for detection and response to protect intellectual property.
Is a Potential Attack in the Cards?
Whether the meeting between Donald Trump and Kim Jong-un is a step in the right direction remains to be seen. What we do know is that cyberattacks make up a huge part of intelligence gathering campaigns by all nation-states. Should considerable breakthroughs in subsequent summit negotiations extend to cyber, realistically, Kim’s cyber operators will likely engage in various cyber campaigns to collect relevant intelligence from entities involved in the denuclearization process, as well as continue to generate revenue for the country’s drying coffers. The DPRK will also likely continue to target cryptocurrency exchanges and banking institutions around the world.
Controlling the scope of cyberattacks remains difficult. DPRK threat activity over the past few years illustrates that there are no limits, and there is no denying that geopolitical conflicts will continue to play out in cyberwarfare. Future DPRK threat activity could have a range of consequences, both intended and unintended. We need to follow this and see where it goes.