
DHS, CISA Warn of North Korea Cyber Threat

North Korea (aka DPRK, the Democratic People’s Republic of Korea) is an escalating cyber threat to the international community, network defenders and the public, warns a recent advisory issued by the U.S. Departments of State, Treasury and Homeland Security through the Cybersecurity and Infrastructure Security Agency (CISA).

“DPRK’s malicious cyber activities threaten the United States and the broader international community and, in particular, pose a significant threat to the integrity and stability of the international financial system,” the alert (Guidance on the North Korean Cyber Threat), which also provides recommended steps to mitigate the threat, reads.

In the U.S. government’s assessment, North Korea is capable of disrupting the nation’s critical infrastructure and stealing from financial institutions and has “demonstrated a pattern of disruptive and harmful cyber activity that is wholly inconsistent with the growing international consensus on what constitutes responsible State behavior in cyberspace,” the warning reads. In other words, the rogue nation has gone rogue in cyberspace.

DPRK state-sponsored cyber actors primarily consist of hackers, cryptologists, and software developers who conduct espionage, cyber-enabled theft targeting financial institutions and digital currency exchanges, and politically-motivated operations against foreign media companies, the CISA note said. Oft-used tactics include:

  • Cyber-enabled financial theft and money laundering. As of 2019, the DPRK has attempted to steal as much as $2 billion through these illicit cyber activities.
  • Extortion campaigns. DPRK cyber actors have also conducted extortion campaigns against third-country entities by compromising an entity’s network and threatening to shut it down unless the entity pays a ransom.
  • Cryptojacking. Hackers have conducted several campaigns in which computers infected with cryptojacking malware sent the mined assets (much of it anonymity-enhanced digital currency) to servers located in the DPRK.
  • Cyber operations publicly attributed to the DPRK by the U.S. government. DPRK state-sponsored cyber actors and co-conspirators are responsible for the Sony hack in 2014 to steal confidential information; the Bangladesh bank heist in 2016 that netted DPRK bad actors some $81 million; the WannaCry 2.0 cyber contagion in May 2017; the FastCash fraudulent ATM withdrawal scheme used to steal tens of millions of dollars in Asia and Africa; an April 2018 hack into a digital currency exchange to steal $250 million worth of digital currency; and others.

According to the departments of State, Treasury and Homeland Security, a mitigation strategy for governments, industry, civil society and individuals to protect themselves and counter the DPRK cyber threat needs to include:

  • Raise awareness of the DPRK cyber threat across the public and private sectors and promote adoption and implementation of appropriate preventive and risk mitigation measures.
  • Share technical information of the DPRK cyber threat. Information sharing at both the national and international levels to detect and defend against the DPRK cyber threat will enhance network and systems cybersecurity.
  • Implement and promote cybersecurity best practices. Adopting measures, both technical and behavioral, to enhance cybersecurity, such as information sharing through government and industry channels, will make U.S. and global cyber infrastructure more secure and resilient.
  • Notify law enforcement. All types of financial institutions, including money services businesses, are encouraged to cooperate on the front end by complying with U.S. law enforcement requests for information regarding these cyber threats.
  • Strengthen anti-money laundering, counter-terrorist financing and counter-proliferation financing controls. The Financial Action Task Force has called for all countries to apply countermeasures to protect the international financial system from the ongoing money laundering, terrorist financing, and proliferation financing risks coming from the DPRK.

“To hamper the DPRK’s efforts to steal funds through cyber means and to defend against the DPRK’s malicious cyber activities, the United States strongly urges countries to strengthen network defense, shutter DPRK joint ventures in third countries, and expel foreign-located North Korean information technology workers in a manner consistent with applicable international law,” the advisory said.

It also includes a warning: “Individuals and entities engaged in or supporting DPRK cyber-related activity, including processing related financial transactions, should be aware of the potential consequences of engaging in prohibited or sanctionable conduct.”

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.