Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

10:00 AM
Marc Wilczek
Marc Wilczek
Connect Directly
E-Mail vvv

Why North Korea Excels in Cybercrime

North Korea is laser-focused on boosting its cyber capabilities, and it's doing a remarkable job of it.

Although the US and the United Nations have levied sanctions meant to prevent the illegal financing of nuclear weapons, North Korea is proving to be adept at sidestepping them — and is also remarkably proficient at cybercrime. As other countries try to hammer out common cybersecurity protocols, North Korea has rapidly grown its cyber capabilities, both domestically and abroad. As a result, despite ever-tightening sanctions, the regime is finding ways to exploit digital vulnerabilities around the world and launch cyberattacks — typically through its hacking teams, code-named Hidden Cobra or Lazarus Group — to extort money for its banned nuclear weapons development program.

Related Content:

Inside North Korea's Rapid Evolution to Cyber Superpower

How Data Breaches Affect the Enterprise

New From The Edge: Cartoon: Shakin' It Up at the Office

In 2017, the US Department of Homeland Security and the FBI published a rare cybersecurity bulletin that linked North Korea to several attacks on US businesses and critical infrastructure. The alert concerned a type of malware dubbed Delta Charlie, which the Department of Homeland Security and FBI claim the North Korean government used to launch distributed denial-of-service (DDoS) attacks. These botnet attacks direct a flood of destructive IP traffic stemming from insecure Internet of Things devices to knock websites, applications, and other IT infrastructure offline for hours, days, or weeks.

The cybercrime market's size and the scarcity of effective protection continue to be a mouth-watering lure for North Korean cyber groups. The country's cyber operations carry little risk, don't cost much, and can produce lucrative results. Nam Jae-joon, the former director of South Korea's National Intelligence Service, reports that Kim Jong Un himself said that cyber capabilities are just as important as nuclear power and that "cyber warfare, along with nuclear weapons and missiles, is an 'all-purpose sword' that guarantees our [North Korea's] military's capability to strike relentlessly." 

Other reports note that in May 2020, the North Koreans recruited at least 100 top-notch science and technology university graduates into its military forces to oversee tactical planning systems. Mirim College, dubbed the University of Automation, churns out approximately 100 hackers annually. Defectors have testified that its students learn to dismantle Microsoft Windows operating systems, build malicious computer viruses, and write code in a variety of programming languages. The focus on Windows may explain the infamous North Korean-led 2017 WannaCry ransomware cyberattack, which wrought havoc in more than 300,000 computers across 150 countries by exploiting vulnerabilities in the popular operating system.

More recently, North Korea's state media confirmed the founding of a new science and technology university, likely associated with the country's cyberwarfare and weapons development program, as part of its Oct. 10 military parade. This suggests that ongoing investment of government funds is further strengthening the civil-military fusion, which is bound to exacerbate tensions on the Korean peninsula and international security concerns.

North Korea isn't acting alone. A US Army report estimates that North Korea employs roughly 6,000 cyber agents in four intelligence organizations across the globe. One of them is the infamous Lazarus Group, which is known to be the brains behind severe cyberattacks, including the 2017 WannaCry ransomware release. Among North Korea's few backers, China in particular can aid North Korea's illegal cyber activity through training and academic exchange. North Korean students often study at top Chinese institutions such as the Harbin Institute of Technology (HIT), where they can get acquainted with advanced technology unavailable in their home country because of US and UN sanctions.

The Chinese government continues to forge official academic relationships with military-affiliated North Korean academic institutions, partnerships which may form the basis for more cyberattacks. In November 2019, the Chinese Ministry of Education and the North Korean Chairman of the Education Commission jointly signed the China-North Korea Education and Cooperation Agreement (2020–2030) to buttress academic partnerships and postgraduate student exchanges.

Such joint government initiatives to boost foreign exchanges and post-graduate programs may lead to increased cybercrime, given what the curriculum these universities tend to teach. There are already worries that Chinese universities are educating future North Korean nuclear scientists. The question remains how to stop these institutions from equipping North Korean cyber agents with the skills and capabilities they need to target high-level cyberattacks at the US and other advanced economies. Kim Heung-kwang, a North Korean defector who for two decades was a professor of computer science at Hamheung Computer Technology University, has said he trained many of North Korea's first cyber experts before they departed for further education in China.

The US government continues to unearth new North Korean cyber groups that pose serious international security concerns and threaten US national interests. Even the pandemic isn't stopping North Korea from leveraging its cyber genius — like China and Russia — to pilfer funds from pharmaceutical firms researching COVID-19 vaccines and foreign countries' national COVID-19 relief funds.

However, there is still hope for the US and its global allies. The US Department of Justice can mandate cybersecurity audits for US banks and financial institutions as part of deferred prosecution agreements to encourage compliance with basic cybersecurity protocols outlined by the Cybersecurity and Infrastructure Agency (CISA) and Financial Action Task Force (FATF). In addition to tightening cybersecurity protocols and information-sharing among banks and other financial institutions, the White House can collaborate with its allies on in-depth research into the locations of North Korean cyber centers. Vigilance is necessary, since seemingly legitimate businesses, hotels, and universities can all serve as harmless fronts to disguise malevolent North Korean-sponsored cyber activity.

Although North Korea typically plays second fiddle to China and Russia as a cyber threat, the small country is dedicated to strategically building out its cyber capabilities and leveling the playing field with China and Russia. The US will benefit from coordinating with its allies to safeguard critical infrastructures, shared global interests, and international security. Protecting against potential cyberattacks is crucial, but disrupting the training and deployment of cyber agents is just as critical to limit the scope of North Korea's cyber activities.

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Post a Comment
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-17
The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the S3 store's proxy password, which allows attackers to steal the proxy password via man-in-the-middle a...
PUBLISHED: 2021-05-17
Cross-site scripting (XSS) vulnerability in the Site module's membership request administration pages in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary we...
PUBLISHED: 2021-05-17
Cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in Liferay Portal 7.3.2 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_redirect_web_internal_portlet_RedirectPor...
PUBLISHED: 2021-05-17
Cross-site scripting (XSS) vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_asset_categories_admin_web_portlet_AssetCategoriesAdminPortl...
PUBLISHED: 2021-05-17
Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to (1) CommerceChannelRelFinder.countByC_C, or (2) CommerceChannelRelFinder.findByC_C.