Inside North Korea's Rapid Evolution to Cyber Superpower

Published : 23/11/2024   Category : security




Researchers examine North Korea's rapid evolution from destructive campaigns to complex and efficient cyber operations.



It took only a few years for North Korea to advance its cyber capabilities from solely destructive campaigns to sophisticated technical operations. This shift puts North Korea in competition with top nation-state groups and reveals strategic changes in how it plans to support its regime.
"[To say] I'm intrigued is an understatement by what they've done over the years," says Josh Burgess, technical lead and threat intelligence adviser at CrowdStrike. "I've been watching them at least six to seven years, personally, as they progress through their malware campaigns: how they've grown, how they've evolved, how they've done what they've done."
Its financial motivation sets North Korea apart from other nation-state groups, especially the Big Four -- Russia, China, Iran, and North Korea, Burgess notes.   
"Most other nation-state actors are motivated by national security objectives or national economic objectives, with their activity primarily focused on the nation's overall well-being," adds Jason Rivera, director of CrowdStrike's global strategic advisory group, of the differences.
"What North Korea appears to be doing is really around the well-being of the regime, engaging in financially motivated operations for the regime to continue with certain illicit activities," he says.
But financial gain isn't its only differentiating factor, Burgess points out. While its attacks have grown more sophisticated, North Korea has a history of incorporating destruction into cyber activity from attacks dating back to 2007. This isn't often seen in other nation-states or attack groups.
"Everything has a destructive side to it," he explains. "There's a lot of reasons for that. One of the reasons is sabotage -- smashing stuff to smash stuff. And another part is complicating forensics, making it more difficult to recover. The other side is misattribution -- the idea that it's harder to attribute where the attack is coming from if everything is broken."
A More Intentional Nation-State
North Korea began to shift away from purely damaging cyberattacks after its 2014 attack on Sony and transitioned toward a dual-pronged approach that prioritizes both maintaining control for the current regime and attacks to boost its economy. Its attack techniques changed alongside its motivation, which has shifted due to economic sanctions and pressures.
"A lot of that came back to the sanctions and a lot of the economic pressure that the United States started putting on North Korea … and the more sanctions you put on them, the harder it is for them to engage in legitimate trade operations, which is, of course, designed to really force them into better international behavior," Rivera explains.
In response, North Korea doubled down on cybercrime. In 2015 and 2016, it began to target financial institutions such as Bangladesh Bank and the SWIFT international interbank messaging system for financial gain. This summer, US law enforcement and government agencies warned of a North Korean government campaign stealing millions in a broad ATM cash-out scheme.
These attacks highlight North Korea's intentionality in targeting, another trait that researchers say differentiates its attackers. Each attack is meant to achieve a specific goal. For example, attacks targeting financial institutions are less bound by geography; however, those meant for national security objectives may target the US, South Korea, or other regional adversaries.
North Korea's cyber capabilities accelerated quickly relative to other nation-state attackers. The ramp-up period was fairly short. "It indicates a lot of focus on their part," Rivera says.
To illustrate this, the researchers point to breakout time, or the amount of time it takes an attacker to move laterally once inside the network. Data shows North Korea took two hours and 20 minutes to achieve breakout, second only to Russia, which took roughly 19 minutes. In comparison, it took China an average of four hours, and Iran five, to achieve the same goal.
"I would say that really the evolution and the complexity of their attacks evolved along with the motive of their attacks," says Burgess, "which brings us to where we are at today, this dual-pronged approach -- not only the financial element, but also economic espionage, also national security espionage."
"To engage in these kinds of espionage, it's not just a snatch and grab," he continues. Attackers must maintain persistence and return over a period of time, which requires sophistication.
Looking Ahead: What's Next for North Korea?
Burgess and Rivera, who will present their research in an upcoming Black Hat Europe briefing on Dec. 9, say North Korea will leverage its expertise in cyber brinksmanship, a term used in deterrence strategy: "How do you get your opponent to do something without attacking them? How do you take something to the very edge -- to the very line of all-out war?" as Burgess says.
"I think, in many ways, one of North Korea's primary objectives is to influence the behavior of the US and the rest of the international community," Rivera says of its future activity.
The researchers also anticipate North Korea will continue to focus on its economic objectives and engage in espionage to support those plans. They speculate its attackers may engage in more advanced ransomware operations. While there is no evidence yet to confirm this, it would align with objectives North Korea has tried to achieve in the past.
