Blog

North Korean Cybersecurity Profile

Anomali Labs conducted research to provide a high level overview of North Korean cyber capabilities. Download to learn more...

Travis Farral
February 7, 2018
Table of contents
<p>North Korea, or more formally, the Democratic People’s Republic of North Korea (DPRK), is no stranger to international headlines. Most notably, it has captured attention in recent years for its nuclear testing and ballistic missile launches. Events in the cyber landscape have brought negative attention to North Korea as well. The United States officially blamed North Korea for the <a href="https://www.anomali.com/blog/wanacry">WannaCry attack</a> last year as well as the destructive attack on Sony Pictures in 2014.</p><p>Much of the negative attention is not without merit. North Korea has developed a formidable cyber capability and has been tied to various financial attacks, cyber espionage, and destructive attacks in the recent past. South Korean organizations are a favorite target but attacks are not limited to South Korea. While attribution in these attacks is often far from conclusive, the choice of targets, likely attack motivations, and techniques and tools utilized tend to narrow the list of possible suspects.</p><p>With the upcoming 2018 Winter Olympics in PyeongChang, South Korea, suspicions have been raised around potential North Korean cyber activity specifically around espionage or financial theft. A recent agreement with South Korea regarding North Korean participation in the Olympics has lowered tensions. Despite this, cyber activity from North Korea remains a possibility.</p><p>For organizations, understanding various elements driving North Korea’s cyber activities provides insight into any risk exposure the organization may have coming from North Korea.</p><p>Details regarding suspected North Korean cyber attacks such as:</p><ul><li>Favored targets</li><li>Motivations</li><li>Specialized tools</li><li>Common techniques used</li><li>The geopolitical landscape affecting North Korea and the surrounding region</li></ul><p>Gathering and consuming available open and closed source intelligence on suspected activity associated with North Korean actors helps provide key knowledge in each of these areas. Armed with as good of an understanding as possible, organizations can create a strong and highly tailored analysis that highlights specific areas where there is elevated risk to North Korean attackers.</p><p>However, another, much darker possibility looms on the horizon. Recent concerns have been raised by U.S. officials around the possibility of North Korea soon having nuclear-armed missiles capable of hitting the United States. To preempt this capability, the U.S. may elect to execute a targeted military strike to knock down North Korea’s nuclear program. Such an attack may prompt a cyber response from North Korea. Entities in the United States, South Korea, or their allies could see potentially destructive attacks in retaliation. This is a possibility  that should be taken seriously into consideration.<br/> Anomali has produced a landscape report on North Korea to provide a high level view of the country and it’s cyber capabilities. It is available for <a href="https://www.anomali.com/resources/whitepapers/north-korea-cybersecurity-profile">free download here</a>.</p>
Travis Farral

Travis Farral is the former Director of Security Strategy at Anomali. Travis is a seasoned IT security professional with extensive background in corporate security environments.

Propel your mission with amplified visibility, analytics, and AI.

Learn how Anomali can help you cost-effectively improve your security posture.

February 7, 2018
-
Travis Farral
,

North Korean Cybersecurity Profile

<p>North Korea, or more formally, the Democratic People’s Republic of North Korea (DPRK), is no stranger to international headlines. Most notably, it has captured attention in recent years for its nuclear testing and ballistic missile launches. Events in the cyber landscape have brought negative attention to North Korea as well. The United States officially blamed North Korea for the <a href="https://www.anomali.com/blog/wanacry">WannaCry attack</a> last year as well as the destructive attack on Sony Pictures in 2014.</p><p>Much of the negative attention is not without merit. North Korea has developed a formidable cyber capability and has been tied to various financial attacks, cyber espionage, and destructive attacks in the recent past. South Korean organizations are a favorite target but attacks are not limited to South Korea. While attribution in these attacks is often far from conclusive, the choice of targets, likely attack motivations, and techniques and tools utilized tend to narrow the list of possible suspects.</p><p>With the upcoming 2018 Winter Olympics in PyeongChang, South Korea, suspicions have been raised around potential North Korean cyber activity specifically around espionage or financial theft. A recent agreement with South Korea regarding North Korean participation in the Olympics has lowered tensions. Despite this, cyber activity from North Korea remains a possibility.</p><p>For organizations, understanding various elements driving North Korea’s cyber activities provides insight into any risk exposure the organization may have coming from North Korea.</p><p>Details regarding suspected North Korean cyber attacks such as:</p><ul><li>Favored targets</li><li>Motivations</li><li>Specialized tools</li><li>Common techniques used</li><li>The geopolitical landscape affecting North Korea and the surrounding region</li></ul><p>Gathering and consuming available open and closed source intelligence on suspected activity associated with North Korean actors helps provide key knowledge in each of these areas. Armed with as good of an understanding as possible, organizations can create a strong and highly tailored analysis that highlights specific areas where there is elevated risk to North Korean attackers.</p><p>However, another, much darker possibility looms on the horizon. Recent concerns have been raised by U.S. officials around the possibility of North Korea soon having nuclear-armed missiles capable of hitting the United States. To preempt this capability, the U.S. may elect to execute a targeted military strike to knock down North Korea’s nuclear program. Such an attack may prompt a cyber response from North Korea. Entities in the United States, South Korea, or their allies could see potentially destructive attacks in retaliation. This is a possibility  that should be taken seriously into consideration.<br/> Anomali has produced a landscape report on North Korea to provide a high level view of the country and it’s cyber capabilities. It is available for <a href="https://www.anomali.com/resources/whitepapers/north-korea-cybersecurity-profile">free download here</a>.</p>

Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox

Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.