North Korea Ramped Up Cyberattacks While Talking Peace with Seoul

According to a Wall Street Journal report on Friday, North Korea significantly escalated the pace of its cyberattacks against South Korea in April, even as dictator Kim Jong-un held a historic summit with South Korean President Moon Jae-in and planned for a summit meeting with U.S. President Donald Trump.

The WSJ lists a broad range of targets for North Korea’s hacker onslaught:

The South Korean government is reviewing the cyberattacks, which started in the lead-up to the inter-Korean summit in April and continued through at least Wednesday, the people said. Early indications, based on the malware and targets, strongly suggest North Korea was the culprit, the people said.

The groups targeted include South Korean financial companies and organizations that focus on North Korea, the people said, with hackers seeking sensitive information. As with nearly all cyberbreaches, it is unclear how many computers were infected or what precisely was stolen.

Among the organizations affected were the Sejong Institute, an independent think tank, and the South-North Sharing Campaign, a left-leaning group that sends aid to North Korea.

The Wall Street Journal notes that North Korea has relied on its hackers to ease the pain of sanctions by raiding cryptocurrency exchanges and banks. The current wave of cyberattacks could be a last-ditch effort to exploit certain vulnerabilities in Microsoft browser software, which South Korea has been slow to correct by updating its computer systems. Another possibility is that Pyongyang’s hacker army was laying the groundwork for cyberwarfare retaliation against South Korea if negotiations collapse.

Retaliation might not be limited to South Korea. A report by Britain’s Defense Committee in April judged that the risk to the UK from “reckless cyberattacks” by North Korea is greater than the threat currently posed by North Korean missiles. The same report cited substantial evidence that China has assisted North Korea with developing its formidable cyberwarfare capabilities.

Priscilla Moriuchi, director of strategic threat development at Recorded Future, told UK Computing on Friday that the United States can expect cyberattacks from North Korea as well:

Cancellation of this summit with Kim will likely have larger implications than if President Trump never accepted the invitation in the first place. This will be viewed by North Korean leadership as a slight against the Kim family which will raise the demand for a response.

We expect that there will be some type of cyber-retaliation, most likely denial-of-service or other disruptive attacks against US government departments or military networks, defence contractors, and large American multinationals. Given the high degree of perceived offense against the Kim family, this response will likely occur in the coming weeks and months.

Lastly, the timing of the cancellation, right before the Memorial Day holiday in the United States, is consistent with the historic timing of North Korean cyber attacks in the past.

Security analysts say North Korea’s cyberwar capabilities have improved significantly over the past year, peaking with “Operation GhostSecret,” a hacking campaign directed at infrastructure, financial, and telecom systems in 17 different countries. Some analysts think Operation GhostSecret was intended to show the world what North Korea’s “Hidden Cobra” cyber-army is now capable of.