Breaking down North Korea's advancing cyber prowess
Recent attacks linked to North Korean state-backed hackers are spotlighting how technically adept and creative the regime's cyber activity has become.
The big picture: Experts say public perception of North Korea's cyber threat risks painting the regime as an underfunded country solely focused on cybercrime to fund its government, but those perceptions aren't quite right.
Driving the news: Late last month, several cybersecurity firms found North Korean state-backed hackers embedding malware in a software update for the video-conferencing tool 3CX — mirroring a tactic Russian hackers used in the infamous SolarWinds espionage campaign two years ago.
- While the supply chain attack appears to have had little impact so far, news of the campaign came just days after Mandiant identified a new North Korean state-backed espionage team that's successfully tricked researchers into sharing their work.
What they're saying: "They have the capabilities, they develop the capabilities, and they are very effective at using them for espionage or sabotage or disruptive, destructive activities," Adam Meyers, senior vice president of intelligence at CrowdStrike, told Axios.
- North Korean hackers are typically young men who have been "trained to be these cyber warriors" and were hand-selected to join the regime's hacking teams at a young age, Michael Barnhart, a principal analyst at Mandiant, told Axios.
Catch up quick: North Korea has been behind some of the heaviest-hitting cyberattacks and espionage campaigns in recent years.
- The U.S. attributed a highly publicized cyberattack against Sony Pictures in 2014 to North Korea, and in 2016, the country's hackers got plenty of attention after attempting to steal $1 billion from Bangladesh's national bank.
- In the last year, North Korean espionage groups have started impersonating journalists and well-known researchers in phishing campaigns to trick researchers into sharing their intel on the regime's efforts.
Between the lines: North Korea has a dual-hatted cyber mission: deploying hackers to pursue cybercrime that helps fund the regime's activities, and spying on the U.S., South Korea and their allies.
- The National Security Agency warned earlier this year that North Korea-linked hackers were exploiting the known Log4j vulnerability to deploy ransomware against health care organizations.
- The FBI attributed last year's $100 million hack of the Harmony Protocol to North Korea.
- Several groups estimate that North Korea stole more than $1 billion in cryptocurrencies in 2022. Those funds are suspected of being used to fund the regime's espionage activities, as well as its nuclear programs.
The intrigue: North Korean leader Kim Jong-un likes to keep the precise structure of his regime's cyber operations under wraps and isn't afraid to reorganize after public reporting about North Korea's efforts, Barnhart said.
- "This is where Kim Jong-un thrives," Barnhart said. "He wants you to be confused and to miss stuff, so it's effective on all aspects."
Zoom out: While China and Russia tend to grab more attention in the cybersecurity industry, the U.S. intelligence community has also identified North Korea as a maturing cyber threat.
- The Office of the Director of National Intelligence's 2023 worldwide threats report released earlier this year warned that North Korea's cyber program poses a "sophisticated and agile espionage, cybercrime and attack threat."
- North Korea "probably possesses the expertise to cause temporary, limited disruptions of some critical infrastructure networks and disrupt business networks in the United States," the report adds.