North Korea’s hackers are after intel, not just crypto

Global temperatures have broken records three times in a weekAre these records falling faster?To read more of The Economist’s data journalism visit our Graphic Detail page.For a country that allows only a trusted few onto the internet, North Korea is a prolific troublemaker online. In 2005 Kim Jong Il, the country’s then dictator, said that “if the internet is like a gun, cyber-attacks are like atomic bombs.” His son, Kim Jong Un, took this observation to heart, not only studying computer science at university, but significantly expanding the country’s cyber-warfare capabilities after he assumed power in 2011. Its plundering of cryptocurrency—$1.7bn worth in 2022 alone—grabs headlines, but a new report suggests that North Korea uses its “all-purpose sword”, as the senior Kim once called his country’s cyber-attack capability, to seek information more than cash. Recorded Future, a cyber-security company, analysed 273 cyber attacks attributed to North Korean groups between July 2009 and M

Kevin

A person who loves writing, loves novels, and loves life.Seeking objective truth, hoping for world peace, and wishing for a world without wars.
  Markets   Jul 9, 2023  Add to Reading List
North Korea’s hackers are after intel, not just crypto

Global temperatures have broken records three times in a week

Are these records falling faster?

To read more of The Economist’s data journalism visit our Graphic Detail page.

For a country that allows only a trusted few onto the internet, North Korea is a prolific troublemaker online. In 2005 Kim Jong Il, the country’s then dictator, said that “if the internet is like a gun, cyber-attacks are like atomic bombs.” His son, Kim Jong Un, took this observation to heart, not only studying computer science at university, but significantly expanding the country’s cyber-warfare capabilities after he assumed power in 2011. Its plundering of cryptocurrency—$1.7bn worth in 2022 alone—grabs headlines, but a new report suggests that North Korea uses its “all-purpose sword”, as the senior Kim once called his country’s cyber-attack capability, to seek information more than cash.

Recorded Future, a cyber-security company, analysed 273 cyber attacks attributed to North Korean groups between July 2009 and May 2023. In nearly 72% of attacks where the intent was clear, hackers seem to have been trying to nick data. Financially motivated incursions were about 24% of the total. Of the 172 cases where specific victims were identifiable, governments were the most common targets. Attempts to steal cryptocurrency came second, followed by hacks of media outlets, financial entities and defence organisations.

The rapid increase in activity from 2016 is in part explained by increased attention from analysts. Many attacks in the past may have gone unnoticed. But North Korea’s cyber operations are also maturing. Harsher international sanctions imposed from 2016 in response to weapons-testing may also have encouraged more activity, as the isolated regime has become more desperate for both information and currency.

North Korea’s cyber-warriors—estimated by South Korea’s defence ministry in 2018 to number 6,800—undertake various types of spying. Often using relatively unsophisticated techniques, they have invaded South Korean nuclear power plants, think-tanks, media outlets and even Seoul’s metro system. Authorities are investigating whether South Korea’s National Elections Committee was breached. Hackers are opportunistic. In the wake of a crowd crush in Seoul in 2022 in which over 150 people died, North Korean hackers distributed fake press-releases containing malicious code. And it is not only South Korea in their sights–Recorded Future says at least 29 countries have been targeted.

Both America and South Korea have been stepping up efforts to combat the threat. This year America’s Justice Department launched two new initiatives designed to combat cyber-threats from state actors, including North Korea. And America and South Korea announced a new joint working group on cyber-security on June 23rd.

They will have their work cut out. There is little consensus on how best to combat the wide range of cyber-threats presented by North Korea. Cyber-incursions are cheap, effective and unlikely to provoke the extreme reaction that might be expected by more conventional means of attack or espionage. That makes them a low-risk, high-reward venture. Yet they could also prove a devastating weapon if, for example, the North Koreans were to target South Korea’s water supply or rail network. If cyber-attacks are indeed like atomic bombs, deterrence theory needs to catch up.

What's Your Reaction?

like

dislike

love

funny

angry

sad

wow

Tags