N. Korea Will Unleash Cyber Attacks On The US

Uploaded on 2017-08-21 in INTELLIGENCE-Hot Spots-North Korea, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW, INTELLIGENCE--USA, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

As tensions rise over North Korea's potential nuclear missile threat, US officials and outside experts are increasingly concerned the rogue regime will respond to international pressure by lashing out with a weapon it has already mastered.

The concern is cyber-attacks that can disable corporate networks, steal money from banks and potentially disrupt critical infrastructure.

In the best known incident in 2014, US intelligence officials say, North Korean hackers attacked Sony Pictures, destroying corporate computers and disclosing sensitive company data. The US accused North Korea of carrying it out in response to a film lampooning North Korean leader Kim Jong-un.

American intelligence officials have long ranked North Korea as one of the world's more dangerous cyber actors, trailing only Russia, China and Iran among US adversaries in its ability to inflict damage via computer networks.

Experts say North Korea could deploy the same techniques to inflict harm not just on one company, but on the American economy.

"We've been worried for some time that one of the ways that North Korea can retaliate against further escalation of tensions is via cyber, and particularly attacks against our financial sector," said Dmitri Alperovitch, co-founder of Crowdstrike, a cyber-security firm. "This is something they have really perfected as an art against South Korea."

US law enforcement and homeland security officials said in a June 13 analysis that they believe North Korea is targeting the media, aerospace, financial and critical infrastructure sectors in the United States.

"North Korea is capable of deploying malicious cyber capabilities, as they previously demonstrated in the Sony intrusions," one US intelligence official said. Intelligence officials say that while the US has cyber-offensive capabilities to retaliate, it remains vulnerable to attacks.

Some attacks are already underway. In June, the Department of Homeland Security published a warning about a North Korea hacking group it dubbed "Hidden Cobra," referred to by some researchers as "Lazarus."

"Since 2009, Hidden Cobra actors have leveraged their capabilities to target and compromise a range of victims," the warning said. "Some intrusions have resulted in the exfiltration of data while others have been disruptive in nature."

In December, the Hidden Cobra group was named a prime suspect in a theft of $81 million from the Bangladesh central bank. That's part of a string of cyber operations that officials believe were designed to raise money for the regime and its weapons programs.

"They've added cyber-crime to their portfolio of illicit activity that they have engaged in to raise money for the regime," said Juan Zarate, an NBC News analyst who is a former top Treasury official, National Security Council staffer and deputy national security advisor.

"They're absolutely stealing money through these cyber capabilities," said John Hultquist, who leads the intelligence team at FireEye, a cyber security firm.

"They're also stealing defense information. So, a decade of targeting defense contractors worldwide, may have helped in some way in gathering enough information to at least speed up their [nuclear weapons] process."

Some researchers have linked North Korea to the WannaCry ransomware attack, an outbreak of malware in May reported to have infected more than 230,000 computers in over 150 countries, making data irretrievable in many cases. But the links are not clear enough for the US to have publicly accused North Korea of involvement, multiple officials and private sector analysts told NBC News.

Kim Heung-Kwang, a former North Korean computer expert who defected to the south in 2004, told NBC News in an interview in Seoul that the North has trained thousands of military hackers capable of inflicting damage on South Korean and Western infrastructure.

"North Korea is able to use its cyber army to attack South Korea and the US," but the lack of Internet connectivity in North Korea makes it hard for the US to retaliate, he said.

FireEye has documented a number of distributed denial-of-service (DDoS) attacks on South Korean organisations and others that appear to be connected to North Korea.

For example, the firm said, in March 2011, suspected North Korean actors conducted DDoS attacks on the South Korean government, military infrastructure and a US military base in South Korea.

In December 2014, the South Korean government reported that power plants operated by Korea Hydro and Nuclear Power were targeted with wiper malware, potentially linked to North Korean actors.

While the attacks were not believed capable of affecting the function of nuclear plants, "they could create a sense of panic by altering the function of non-operational networks, hijacking social media accounts associated with critical infrastructure, or spreading alarming SMS messages during a time of armed conflict," FireEye said.

Not every expert is convinced that North Korea poses a major cyber threat.

"It's mostly data disruption," said James Lewis, a specialist at the Center for Strategic and International Studies. "The people who haven't done a good job defending themselves are the ones who get whacked. Companies or agencies that haven't protected their data or backed it up."

But Kim Heung-Kwang, who taught computer science in North Korea for 20 years before escaping 13 years ago, said North Korean hackers are working every day to perfect new techniques.

"They work hard to survive and do not give up," he said. "If they don't give up, maybe someday they might succeed."

NBC:

You Might Also Read:

NHS Cyberattack Was 'launched from N. Korea':

Can US Cyber Weapons Stop N. Korea’s Nuclear Missiles?:

N. Korea Threatens The World With Cyberwarfare - Not Nuclear Missiles:

 

« Can Tech Solve The Brexit Border Puzzle?
Fighting Digital Crime: Evolving Police Methods »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

CyberSecurity Malaysia

CyberSecurity Malaysia

CyberSecurity Malaysia is the national cyber security specialist agency under the Ministry of Science, Technology and Innovation (MOSTI).

NetFort

NetFort

NetFort provides software products to monitor activity on virtual and physical networks.

Digital Transformation EXPO (DTX)

Digital Transformation EXPO (DTX)

Digital Transformation EXPO showcases the latest technology and insight from the world’s leading brands and experts in DX.

Capula

Capula

Capula is a leading system integration specialist for control, automation and operational IT systems across all applications and industry sectors.

Jobsite

Jobsite

Jobsite is an award winning job board in the UK providing job listings in the key sectors of IT, Engineering and Finance.

Onfido

Onfido

Onfido is building the new identity standard for the internet. We digitally prove people’s real identities using a photo ID and facial biometrics.

Argentra

Argentra

Argentra is a specialist engineering company, we have years of experience developing custom security software and providing security risk consulting.

SLVA Cybersecurity

SLVA Cybersecurity

SLVA Cybersecurity excel at delivering security-as-a-service, fit-for-purpose, within the constraints of realistic budgets and business expectations.

UM6P Ventures

UM6P Ventures

UM6P Ventures is an African based early-stage ventures firm operating two funds; a Digital Transformation fund and a Deeptech Ventures fund.

EdgeWatch

EdgeWatch

EdgeWatch is a platform that helps information accredited security practitioners discover, monitor, and analyze devices that are accessible from the Internet.

Global Resilience Federation (GRF)

Global Resilience Federation (GRF)

GRF builds, develops and connects security information sharing communities for mutual defense.

c0c0n

c0c0n

c0c0n is the longest running conferences in the area of Information Security and Hacking, in India.

Baidam Solutions

Baidam Solutions

Baidam Solutions is a 100% Australian owned and operated First Nations information technology business.

Internet Watch Foundation (IWF)

Internet Watch Foundation (IWF)

Since the early days of the internet, our job has been to help child victims of sexual abuse by hunting down and removing any online record of the abuse.

OOKOS

OOKOS

OOKOS was founded in 2023 by a team of cybersecurity veterans who recognized that traditional security models were failing to keep pace with evolving threats.

DeepSurface Security

DeepSurface Security

DeepSurface is the first risk-based vulnerability management platform that allows cybersecurity teams to automate the process of analyzing and prioritizing vulnerabilities.