N. Korea Continues Cyberattacks Ahead of Summit
By Masood Farivar June 01, 2018
Even as it signals a willingness to give up its nuclear arms, North Korea is brandishing another well-known weapon in its arsenal: cyber.
Under heavy sanctions over its nuclear weapons program, the cash-starved government in Pyongyang has for many years used cyberattacks to steal money from banks and other institutions.
Those intrusions are continuing, primarily in Asia and Latin America, even as U.S. President Donald Trump says that a planned meeting with North Korean leader Kim Jong Un will proceed later this month, according to a U.S. cybersecurity firm that advises companies and government agencies that have been breached by hackers.
"We continue to see offensive operations by North Korean actors," Charles Carmakal, vice president at Mandiant Consulting, a subsidiary of cybersecurity firm FireEye, told VOA. "There are multiple intrusions discovered this year and some of them are ongoing."
Theresa Payton, CEO of leading security firm Fortalice Solutions, who served as chief information officer for the White House under former President George W. Bush, said the North Koreans are not simply after money.
"This is an opportunity for them to flex their muscle and to say, 'If you think you're going to take our nukes, and if you think you're going to put us under economic sanctions, we just want you to know this is a weapon and we're not afraid to use it,' " Payton told VOA.
Among the multiple North Korean hackers tracked this year by FireEye is a group known as Lazarus, which was responsible for an $81 million cybertheft from the Bangladesh Central Bank in 2016.
"The Lazarus group, which is the more destructive of the threat actors that operate in North Korea, tends to go after financial institutions that have large volumes of money that could be robbed," Carmakal said.
The institutions being targeted by the North Korean hackers are based in Latin America and Asia, he said, declining to name them or the countries from which they operate.
North Korea's long-term plan "is to generate wealth by stealing it from other organizations across the globe," Carmakal said, estimating Pyongyang's cybercrime revenue in the range of tens of millions to hundreds of millions of dollars.
In recent years, U.S. officials have singled out North Korea among countries that pose growing cyberthreats to the United States. In its annual Worldwide Threat Assessment report released in February, the Office of the Director of National Intelligence said Russia, China, Iran and North Korea "will pose the greatest cyberthreats to the United States during the next year."
"We expect the heavily sanctioned North Korea to use cyberoperations to raise funds and to gather intelligence or launch attacks on South Korea and the United States," the agency said.
North Korean hackers have been active for a number of years, but not all their attacks are aimed at financial institutions.
In 2014, suspected North Korean hackers launched a massive attack on Sony Pictures in retaliation for releasing a movie that depicted a fictional assassination plot on Kim.
In 2017, North Korea unleashed the ransomware known as WannaCry that disrupted businesses and government services around the world, including England's National Health Service.
Earlier this week, the FBI and the U.S. Department of Homeland Security released an alert about a series of alleged North Korean cyberattacks that date to at least 2009.
In addition to sanctions aimed at Pyongyang's nuclear and missile programs, the U.S. has imposed a limited set of restrictions on North Korean persons and entities involved in cyberattacks such as the Sony hack.
Still, Payton, the former White House chief information officer, said the lack of a vigorous and concerted response to North Korea's brazen cyberattacks has only emboldened Pyongyang.
"They have everything to win, nothing to lose, by continuing to show, 'This is something we've developed, we're very skilled at this and we're not afraid to use it, if we're unhappy,' " she said.