Intelligence Analysts: North Korea Has Developed More Advanced Malware


Intelligence analysts have discovered a new strain of North Korean malware that could be used in a cyber attack against the United States.

Documents obtained by Foreign Policy from the Department of Homeland Security issued in December last year indicate that “advanced persistent threat actors” are using “newly discovered destructive malware that shares a number of similarities to the destructive malware” used in previous cyber attacks.

“This is the first known instance since 2014 that North Korea-tied destructive malware has been seen,” the report states.

In 2014, the regime was alleged to have conducted a cyber attack on Sony Entertainment after the release of the action comedy film The Interview, which told the story of two journalists sent to North Korea to assassinate dictator Kim Jong-un.

The report says that although it is not certain that Pyongyang is behind the new strain of malware, the malware’s technical similarity “makes it very likely.”

An anonymous DHS official told the magazine that the department has issued technical alerts “over the last year to assist network defenders in understanding the types of malware” used by North Korean hackers and to urge network administrators “to remove them from their systems so that they cannot continue to have access to our infrastructure.”

Identifying the actors responsible for an attack can be difficult. In February, a cyber attack against hundreds of computers at the Winter Olympics in South Korea, believed to be carried out by North Korea, was later confirmed by U.S. intelligence officials as a Russian false flag operation.

However, North Korea is believed to be behind numerous past cyber attacks, with cybersecurity experts last year providing evidence that the regime was behind a global “ransomware” attack that took hostage thousands of computers and servers worldwide.

There have also been reports that North Korea successfully hacked South Korean cryptocurrency exchanges in an attempt to access desperately needed hard currency.

In February, Foreign Policy reported that the U.S. is now “laying the groundwork” for its own cyber warfare against North Korea as an alternative method of neutralizing the rogue communist regime should current de-escalation efforts fail.

Groundwork efforts include “installing fiber cables as bridges into the region and setting up remote bases and listening posts” so American hackers could gain access to North Korea’s private internet systems.

In the run-up to a meeting between President Donald Trump and dictator Kim Jong-un, North Korea has agreed to refrain from additional nuclear tests, although the country’s plausible deniability likely heightens the possibility of additional cyber attacks as the regime continues to struggle under the pressure of international sanctions.

Follow Ben Kew on Facebook, Twitter at @ben_kew, or email him at