How powerful is North Korea's cyber-attack capability that threatens the world?

It has been revealed that North Korea is using ransomware and malware to launch cyber attacks on various countries. Journalist Ed Caesar explains the history and current situation of these North Korean cyber attacks.

The Incredible Rise of North Korea's Hacking Army | The New Yorker

◆ Seven-Eleven's 2 billion yen fraudulent withdrawal case
In 2016, an incident occurred in which a total of 20 billion yen was illegally withdrawn from ATMs installed in Seven-Eleven stores in Japan. According to Mr. Shimomura, who claims to have belonged to the designated gangster group Yamaguchi-gumi involved in this illegal withdrawal, a 'white card' with no number or brand printed on it was used for the crime. Mr. Shimomura withdrew a total of 3.8 million yen from ATMs installed at several Seven-Eleven stores on the condition that he would keep 10% of the amount illegally withdrawn using the 'white card'.

When Mr. Shimomura handed over 90% of the withdrawn amount to the organizer, the organizer said, 'I will keep 5% of the collected amount and send the rest to the upper management.' After that, it was reported that the total amount of money illegally withdrawn from all over the country reached about 2 billion yen. It has been revealed that this approximately 2 billion yen went to North Korea via China.

◆ Cyber attack situation in North Korea
In North Korea, only about 1% of the population has internet access. However, despite the small number of people who have access to the Internet, cybercrime groups with the highest capabilities in the world are emerging one after another. Caesar said of this, 'The birth of a talented hacker in North Korea is like the Jamaican bobsleigh team winning a gold medal at the Olympics.'

Activities by North Korean cybercrime groups range from bank robbery and ransomware distribution to theft of crypto assets from online exchanges. Also, unlike cybercrime groups in other countries, North Korean cybercrime groups do not issue statements claiming responsibility for their crimes. Therefore, 'it is difficult to determine how many cyber attacks are being carried out by North Korea,' Caesar points out.

According to a 2019 report, North Korea is estimated to have raised more than $2 billion through the work of cybercrime groups. The United Nations also claims that much of the money stolen by North Korean cybercrime groups is spent on weapons development, including the development of nuclear weapons.

'North Korea is forming a criminal group that uses keyboards instead of guns,' said John Demers, assistant secretary of the US National Security Agency, in February 2021. 'Financing is an attractive method for North Korea, which is subject to severe economic sanctions from various countries,' he said, speculating on the background of North Korea's focus on cyber attacks.

◆ History of cyber attacks by North Korea
Kim Jong-un, who took control in 2012, positions cyber capabilities as 'a sword that guarantees the ruthless attack capability of the Korean People's Army, along with nuclear weapons and missiles.'

In 2014, North Korea demanded that Sony Pictures Entertainment cancel the release of the comedy movie 'The Interview,' which was themed on the assassination of Kim Jong Un. Then, in November 2014, Sony Pictures Entertainment was hit by a cyberattack by a hacker group called the 'Guardians of Peace.'

The cyberattack stole employee emails, pay slips, medical records, and data from unreleased movies, including the new Spectre movie in the 007 series, and the situation escalated to the point where a number of Sony Pictures Entertainment's Internet connections were cut off for days.

The FBI investigation raises the possibility that North Korea is involved in the hacker group 'Guardians of Peace.' North Korea has denied involvement, but at the same time has declared that cyber attacks are a 'legitimate act.'

In 2015, the Lazarus Group, a hacker group suspected of involvement with North Korea, illegally remitted $80 million from the account held by the Central Bank of Bangladesh at the Federal Reserve Bank. Large-scale fraudulent remittance cases using the same method have also occurred in countries other than Bangladesh.

In 2017, the ransomware 'WannaCry' became a global epidemic, causing serious damage to large global companies and government agencies such as aircraft manufacturer Boeing, the United Kingdom National Health Service, and Deutsche Bahn. It turns out that a North Korean hacker group was also involved in the development of WannaCry.

◆ Fostering hackers in North Korea
In North Korea, promising children are encouraged to use computers at school, and children who are good at math are taught mathematics at specialized high schools. In addition, Kim Chaek University of Technology and Kim Il Sung University, which are based in Pyongyang, provide advanced programming education to talented young people, and North Korean student teams have achieved high results at the International Collegiate Programming Contest (ICPC) and the Mathematical Olympiad.

'The way hackers are trained in North Korea is similar to the way athletes are trained in the former Soviet Union,' Caesar said of programming education in North Korea.

◆ Cyber unit of the Korean People's Army
According to Caesar, the Korean People's Army has a cyber unit with about 7,000 members. The cyber unit is divided into a 'general affairs department' that supports the operations of the Army and a 'general reconnaissance bureau' that is similar to the CIA in the United States, and 'operations to steal foreign currency from outside North Korea' are being carried out.

The Lazarus Group, which was involved in the aforementioned cyber attack on the Central Bank of Bangladesh, is believed to be part of the cyber unit of the Korean People's Army, but details on the breakdown of the cyber unit have not been revealed. To learn more, Priscilla Moriuchi, a researcher at Harvard University's Belfer Center, tracked metadata for North Korean Internet users from 2017 to 2020. As a result, it turns out that most North Korean programmers work outside North Korea, in places such as China and Southeast Asia.

According to Lee Hyun-soon, who fled from North Korea to the United States in 2014, there were three team bases in Dalian, China, consisting of four to six North Korean 'IT workers.' 'The IT worker team has made a lot of money by developing mobile game software for the Japanese, Chinese and Korean markets,' said Hyun Seung.

Another North Korean exile testified, 'North Korea gives talented hackers "low-level jobs" to wait abroad and brings them back to Pyongyang to do important work.' 'North Korea is believed to be giving "low-level jobs" to prevent talented hackers engaged in high-priority operations from being caught abroad,' Caesar said.

◆ Cyber attack on South Korea by North Korea
Simon Choi, a security expert living in Seoul, South Korea, learned that North Korea was launching a cyberattack on South Korean troops while fulfilling his military service obligations in 2008. After serving in the military, Choi set up a volunteer team, IssueMakersLab, to continue investigating North Korean cyberattacks with 10 members.

During the course of his investigation, Choi discovered malicious scripts created by about 1,100 North Korean hackers. 'The scripts found were less sophisticated than those by American and Russian hackers. Those scripts were very simple and practical,' said Choi. 'North Korean hackers said, "We will continue to attack persistently to achieve our goals."'

◆ Theft of crypto assets by North Korea
'North Korean hackers have stolen at least $1.75 billion worth of crypto assets from crypto exchanges,' insists Jesse Spiro, who is in charge of policy initiatives at blockchain analytics firm Chainalysis.

Tom Robinson, a researcher at another blockchain analytics company, Elliptic, said, 'Cryptocurrency assets have no administrators and can be traded completely anonymously. For these reasons, cryptocurrency trading has become an attractive target for North Korean hackers.'

'Many criminal organizations, including North Korean hackers, use crypto assets, which leave little evidence, as a ransom payment method,' Caesar said, arguing that it is necessary to establish a method for tracking crypto assets.

in Security, Posted by log1o_hf