According to a new report from security firm FireEye, “actors likely affiliated with the North Korean government” have attempted to hack American electric companies, in what appears to be “early-stage reconnaissance” for a possible future cyber attack.
FireEye’s analysis states that any such large-scale attack “might take months to prepare” if the reconnaissance had not been detected, so the threat was not necessarily “imminent.”
“We have not observed suspected North Korean actors using any tool or method specifically designed to compromise or manipulate the industrial control systems (ICS) networks that regulate the supply of power. Furthermore, we have not uncovered evidence that North Korean linked actors have access to any such capability at this time,” the report adds.
The hackers were evidently using “spear phishing” techniques, which essentially involve fabricating realistic-looking emails from trusted sources to trick users into opening malware-laced attachments or clicking links to virus-spreading websites.
Many of the largest data breaches in recent times are thought to have involved spear phishing, rather than the brute-force system penetration most people envision when they think of cyber attacks. Among other advantages, spear phishing can allow intruders to lurk inside compromised systems for extended periods undetected since they gained entry with legitimate passwords stolen from phishing victims.
FireEye recalls that North Korean hackers are believed to have planted malware in South Korean energy companies in 2014, but they did not damage or disable the power grid – they stole some sensitive documents and exposed them, “as part of an effort to exaggerate the access they had and embarrass the South Korean government.” A similar information-warfare strategy may have been in motion against American electric companies.
On the other hand, the report describes North Korea’s cyber espionage squads as “bold,” determined to “demonstrate national strength and resolve,” and largely devoid of “concern for potential discovery and attribution of their operations.” North Korea is one of several nations that appear interested in developing the capability to disrupt power grids, either to attack the morale and economic strength of adversary nations during broader conflicts or to intimidate and deter potential opponents.
FireEye’s chief technology officer for the Asia-Pacific region, Bryce Boland, told CNN that North Korea “almost certainly has the capability to conduct disruptive and potentially destructive attacks, as well as more traditional cyber espionage operations.”
Boland added that North Korea’s isolation and generally backward economy give it advantages in cyberwar because it “has little connectivity and relatively limited reliance on technology.”
North Korean defector Kim Heung-kwang explained to CNN that Pyongyang aggressively cultivates and trains computer experts, managing a network of 250 elite computer schools and harvesting the most talented students for cyber warfare training at two special schools in Pyongyang. Kim added that some of the top graduates are sent to secretly work with China’s elite “Bureau 121” hacker squad.
Bloomberg Technology quotes South Korean defense estimates that North Korea now boasts an army of about 1,700 state-sponsored hackers, plus over 5,000 support staff.
NBC News cites its own previous reporting on North Korea’s interest in cyber attacks against U.S. infrastructure and quotes former FBI counterintelligence director C. Frank Figliuzzi calling FireEye’s report “a signal that North Korea is a player in the cyber-intrusion field and is growing in its ability to hurt us.”
Robert Lee, a cybersecurity consultant for the U.S. power industry, assured NBC that while infrastructure corporations are duly concerned about hacking threats, America’s adversaries are “far from being able to disrupt the electric grid.”
Although Lee said the electric grid is more secure than some of the more alarmed critics believe, Figliuzzi countered that some private utility companies are better equipped for cyberwar than others, and hostile powers like North Korea will “start looking for the weakest link.”