North Korea has garnered much attention, largely due to its nuclear ambitions, but also for its presumed substantial offensive cyber capabilities. The isolated country has been suspected of some of the more noteworthy hacks that, if true, demonstrate an increasing use of cyber operations ranging from distributed denial-of-service (DDoS) attacks to more destructive “wiping” of data on targeted networks and systems. Of late, there have been indications that North Korea has been using its cyber prowess in support of more criminal activities such as the theft of money and, more recently, of cryptocurrencies. Such a divergent range of activities is of note, as many of the other suspected nation-state-driven cyber operations have concentrated on stealing data, disseminating influence campaigns, or launching destructive attacks.
This is not to say that suspected North Korean cyber activity lacks these purposes. Some of the more aggressive actions believed to be orchestrated by North Korea include, but may not be limited to, the following:
- August 2017: Cyber espionage activity tied to the “Lazarus Group” targeted U.S. defense contractors with spearphishing e-mails. Lazarus Group operations are believed to be orchestrated by North Korean cyber actors.
- June 2017: The U.S. Computer Emergency Response Team published a warning of potential North Korean cyber attacks against U.S. media, aerospace, and financial companies. Known as “Hidden Cobra,” the alert identified Internet Protocol (IP) addresses associated with a malware variant used to manage North Korea’s DDoS botnet infrastructure.
- November 2014: In addition to having personal information and intellectual property stolen from its networks, Sony Pictures Entertainment suffered damages from wiper malware. The Federal Bureau of Investigation maintained high confidence that North Korea was responsible.