Apr 11, 2023 - Technology

Breaking down North Korea's advancing cyber prowess


Recent attacks linked to North Korean state-backed hackers are spotlighting how technically adept and creative the regime's cyber activity has become.

The big picture: Experts say public perception of North Korea's cyber threat risks painting the regime as an underfunded country solely focused on cybercrime to fund its government, but those perceptions aren't quite right.

Driving the news: Late last month, several cybersecurity firms found North Korean state-backed hackers embedding malware in a system update for the video-conference tool 3CX, mirroring a tactic Russian hackers used in the infamous SolarWinds espionage campaign two years ago.

What they're saying: "They have the capabilities, they develop the capabilities, and they are very effective at using them for espionage or sabotage or disruptive, destructive activities," Adam Meyers, senior vice president of intelligence at CrowdStrike, told Axios.

  • North Korean hackers are typically young men who have been "trained to be these cyber warriors" and were hand-selected to join the regime's hacking teams at a young age, Michael Barnhart, a principal analyst at Mandiant, told Axios.

Catch up quick: North Korea has been behind some of the heaviest-hitting cyberattacks and espionage campaigns in recent years.

Between the lines: North Korea has a dual-hatted cybersecurity mission: deploying hackers to pursue cybercrime to help fund the regime's activities and spying on the U.S., South Korea and their allies.

The intrigue: North Korean leader Kim Jong-un likes to keep the precise structure of his regime's cyber operations under wraps and isn't afraid to reorganize after public reporting about North Korea's efforts, Barnhart said.

  • "This is where Kim Jong-un thrives," Barnhart said. "He wants you to be confused and to miss stuff, so it's effective on all aspects."

Zoom out: While China and Russia tend to grab more attention in the cybersecurity industry, the U.S. intelligence community has also identified North Korea as a maturing cyber threat.

  • The Office of the Director of National Intelligence's 2023 worldwide threats report released earlier this year warned that North Korea's cyber program poses a "sophisticated and agile espionage, cybercrime and attack threat."
  • North Korea "probably possesses the expertise to cause temporary, limited disruptions of some critical infrastructure networks and disrupt business networks in the United States," the report adds.
