They stole billions of dollars US Department of Justice. You have paralyzed the UK health service UK Foreign, Commonwealth and Development Office. And they apparently have it India's newest nuclear power plant hacked steal his designs.
North Korean hackers no longer spied on and disturbed their South Korean opponents, but stole large sums of money, robbed cutting-edge technology and wreaked havoc. As senior U.S. and Japanese officials meet this week to discuss regional security – particularly with a focus on North Korea's missiles – many experts say Pyongyang's hackers may pose a greater threat than the massive missiles used by North Korean leader Kim Jong Un killed every year.
"When I compare hackers to missiles, I definitely think these guys pose a bigger threat," said Simon Choi told Foreign policy. He founded and runs IssueMakersLab, a nonprofit that specializes in infiltrating and tracking North Korean hacker groups. "They are ready to go [missiles] but they haven't done it yet. But when we hack we see that it happens all around us every day," he added.
His organization has logged the activities of several different hacking groups associated with different parts of the North Korean government, including the army and intelligence agencies. The trend line is clear, said Choi: you will become more active and competent.
“They have grown tremendously lately. In the past, they used the same techniques as China and the US, based on open source information. Recently, however, they have made progress in identifying the weakness of the targets, ”Choi said.
For example, North Koreans recently found zero-day exploits on Google. This means that they found and exploited a vulnerability before it was discovered and fixed.
The Lazarus Group, perhaps the most notorious North Korean state-backed group, posing as a security researcher to infect users' Chrome browsers.
"When it comes to finding vulnerabilities [North Korea] it can be in the top 3 in the world," said Choi.
Mike Pompeo, former US Secretary of State, said last year that North Korea poses a greater threat than Russia in cyberattacks, and its growth is reminiscent of previous developments in Pyongyang.
"Experts initially rejected North Korea's cyber capabilities, as well as the regime's nuclear and missile programs, ”said Bruce Klingner, former deputy department head of CIA Korea who is now with the Heritage Foundation. “Pyongyang developed advanced cyber warfare capabilities that only a few nations have surpassed. T.The regime enhanced its cyber programs to create a robust and global set of disruptive military, financial and espionage capabilities, ”he added.
North Korean hackers can of course do no more damage than a nuclear weapon. But the big difference is that Pyongyang can unleash its hackers in peacetime while its nuclear arsenal lurks.
"The difference is in the ease of use, ”said Benjamin Read, director of analysis and threat intelligence at cybersecurity firm Mandiant. Cyber skills, whether North Korean or Chinese, can help improve the balance of power below the war threshold.
Meanwhile, Pyongyang has used cybercrime to secure hard currency for the heavily sanctioned country. according to CNNMuch of this money goes to its weapons program. It's not warfare – but it funds potential warfare.
“There is an argument that this kind of cyber notebook makes possible, and if you judge North Korea to be risk tolerant enough to be the most likely country to use it to hit the US, this calculation makes you the greatest Threat, ”said Read.
North Korea's Propensity to Use Its Hackers for Crime – Robbing Banks and Emptying Cryptocurrency Wallets According to US Department of Justice – in contrast to other US opponents such as Iran, Russia and China. Iran used cyber capabilities to target oil production in Saudi Arabia, for example. Russia has used cyber capabilities to unsettle states in its orbit, particularly Georgia and the Baltic states.
"Russia and Iran will do some destructive things, but less crimes," Read said. “China has some overlap with criminal groups, but has not done so much cyber disruptive. They certainly could, but they just don't have it. "
In contrast, North Korea does not seem to respect these borders. It launched several disruptive attacks against South Korea – including a huge theft of South Korean military secrets – and is believed to be responsible for the WannaCry ransomware attack that left hundreds of thousands of people locked off their computers and sent several UK hospitals offline 2017. Pyongyang's willingness to mix crime with government-directed cyberthreat makes it almost uniquely problematic.
“North Korea doesn't seem to respect many borders. They've been into crime a lot, but in the past they've had no problem crossing those kind of dotted lines, "Read said.