The cyber threat from North Korea is so significant that the United States issued a new alert about that nation's abilities to carry out cyber-based attacks with the potential for worldwide impact.
The April 2020 alert about the Democratic People's Republic of Korea (DPRK) summarizes the threat like this:
"In particular, the United States is deeply concerned about North Korea's malicious cyber activities, which the U.S. government refers to as HIDDEN COBRA. The DPRK has the capability to conduct disruptive or destructive cyber activities affecting U.S. critical infrastructure. The DPRK also uses cyber capabilities to steal from financial institutions, and has demonstrated a pattern of disruptive and harmful cyber activity that is wholly inconsistent with the growing international consensus on what constitutes responsible State behavior in cyberspace."
The new alert lists a growing history of cyberattacks attributed to North Korea and its nation-state hackers. The list includes:
• The Sony Pictures cyberattack in November 2014
• The Bangladesh Bank Heist in February 2016, in which $81 million was stolen
• The development of WannaCry 2.0: "The ransomware which infected hundreds of thousands of computers in hospitals, schools, businesses, and homes in over 150 countries."
• The FASTCash Campaign in 2016, 2017 and 2018. "DPRK state-sponsored cyber actors have employed a fraudulent ATM cash withdrawal scheme known as 'FASTCash' to steal tens of millions of dollars from ATMs in Asia and Africa."
• Digital Currency Exchange Hack of 2018. "DPRK state-sponsored cyber actors hacked into a digital currency exchange and stole nearly $250 million worth of digital currency."
These are just some of the examples.
If you look at the list above, clearly North Korea is going after money when it launches a cyberattack.
SecureWorld recently interviewed CNN Military Analyst Colonel Cedric Leighton (USAF, Ret.) about this on our podcast:
"The North Korean threat is really based on making money. What they're interested in doing is finding ways to circumvent sanctions," says Leighton.
And as it turns out, they have help from some very talented nation-state hackers.
"They've got several things going for them. First of all, the Chinese have their own massive and very well respected cyber capability. The Chinese are their allies. The North Koreans learned a lot from the Chinese.
"They may also have learned a lot from the Iranians because there's a connection between the North Koreans and the Iranians when it comes to the nuclear weapons capabilities that both countries have.
"So what the North Koreans want to do is they want to siphon off as much money as they possibly can. One thing they did was they hacked into the Central Bank of Bangladesh in the Swift banking system. Swift is the international money transfer system. They were able to go into that and siphon off $81 million to actually line their coffers.
"They wanted to go after a billion, so it didn't quite get there. But they were able to exploit some significant weaknesses within Bangladeshi banking that enabled them to walk off with a bunch of money before they got caught."
The U.S. Department of Justice is taking the North Korean cyber threat so seriously that it is now offering millions of dollars to find those involved in the country's cyberattacks.
The Department is also authorized to offer rewards of up to $5 million for information leading to the identification of any individual who, at the direction of or under control of the North Korean government, aids or abets a violation of the Computer Fraud and Abuse Act ("CFAA"), 18 U.S.C. § 1030. The Department is seeking information on any such activities that violate the CFAA, with a particular, but not exclusive, interest in those activities involving:
1. The unauthorized intrusions into public and private sector computers and networks with the intent to steal information;
2. The sending of destructive malware;
3. The dissemination and use of ransomware;
4. The sending of threats to cause damage to, obtain information from, or requesting something in value in relation to a computer, with the intent to extort from a person or entity money or anything of value.
The latest alert on HIDDEN COBRA also includes a significant mitigation list to help defend your organization against North Korean cyber threats.
Download the PDF here: DPRK Cyber Threat Advisory