Deterrence, Active Defense and Resilience:

https://www.cisa.gov/uscert/northkorea
• US reference to DPRK cyber activity = HIDDEN COBRA
• “employs malicious cyber activity to collect intelligence, conduct attacks, and generate revenue”
• ODNI in the 2021 Annual Threat Assessment said that “North Korea’s cyber program poses a growing espionage, theft, and attack threat”
• Specifically – “North Korea has conducted cyber theft against financial institutions and cryptocurrency exchanges worldwide, potentially stealing hundreds of millions of dollars, probably to fund government priorities, such as its nuclear and missile programs” -> this makes sense because they would need money first and then weapons
• In July 2022 – the FBI, CISA, and the Dept. of Treasury issued a joint Cybersecurity Advisory on Maui ransomware, which targets healthcare and public health organizations (do you think that they may need health help for COVID or monkeypox because they are so shut off – I can’t remember if they ever developed a vaccine) -> this is true

https://en.wikipedia.org/wiki/Lazarus_Group
• Persistent threats are: Lazarus Group, APT38, BlueNoroff, and Stardust Chollima
• Crypto malware = AppleJeus
• This source lists a bunch of the other names

https://www.newyorker.com/magazine/2021/04/26/the-incredible-rise-of-north-koreas-hacking-army
• Rise of DPRK hacking army? Need for money rising?
• FASTCash – at 7-Eleven, withdraw with white card $900 in 19 transactions, choose Japanese, go to another 7-Eleven, keep 10% of cash = 16 million dollars stolen from Japan – ringleader? -> North Korea
• DPRK = founded on juche or self-reliance; it is hard to understand the inside and it’s hard for the inside to get information from/to the outside
• Less than 1% of people have access to the internet but “the North Korea government has produced some of the world’s proficient hackers”
• “North Korea has equipped its military with offensive and intelligence gathering cyber weapons”
• “North Korea, moreover, is the only nation in the world whose government is known to conduct nakedly criminal hacking for monetary gain” -> this military-intelligence division is the Reconnaissance General Bureau (RGB)
• “it is difficult to quantify how successful Pyongyang’s hackers have been”
• “unlike terrorist groups, North Korea’s cybercriminals do not claim responsibility when they strike”
• “in 2019, a United Nations panel of experts on sanctions against North Korea issued a report estimating that the country had raided two billion dollars through cybercrime”
• “many of the funds stolen by North Korean hackers are spent on the Korean People’s Army’s weapons program”
• “the cybercrime spree has also been a cheap and effective way of circumventing the harsh sanctions that have long been imposed on the country” -> maybe this is an important part when cyber could step up their game?
• DPRK has been watching the US engage in warfare and has concluded that technology is modern warfare and gives an upper hand
• “the West didn’t really wake up to the danger posed by North Korea’s cyber forces until after the country executed three spectacular crimes, between 2014 and 2017”
  o 1. Hack of Sony Pictures after the trailer for “The Interview”
  o 2. Lazarus Group – banks in Dhaka, Bangladesh (clickable link to malware letting access), a network update didn’t allow the SWIFT message to New York to be read in Bangladesh which was impressive, the Federal Reserve grants the first five requests totaling a hundred and one million dollars, an alert was triggered for connection to a Philippines bank branch on the sanctions list for activities in Iran
  o 3. Not funny anymore – WannaCry 2.0 networks around the world, Boeing, Britain’s NHS, Germany’s railroad – demanded Bitcoin to unfreeze the systems
• Long history of criminal activity “even before the Korean War, smugglers and warlords had thrived in the region”
• Behind the counterfeit hundred-dollar “supernote” so much so that the U.S. Treasury redesigned it
• Surprise = “it wasn’t just that Pyongyang’s cyber warriors could compromise computer networks around the world; they showed real innovation in exploiting new technologies”
• “the process by which North Korean hackers are spotted and trained appears to be similar to the way Olympians were once cultivated in the former Soviet bloc”
• “despite lacking many other resources, it is not short of human capital”
• The educational institutions “vacuum up the most talented teen-agers from the specialized math and computer high schools and then teach them advanced code” -> these institutions often outperform American and Chinese colleges in programming contests
• It is estimated that 7,000 people work in the DPRK cyber program. How much does the US have in comparison?

file:///C:/Users/nxher/Downloads/sustainability-14-01744.pdf (2022)

• How has it become this, what motivated them, what are its strengths, what implications for international security
• Currently it is impoverished, with infrastructure, economics, and technological development falling behind 1
• “the literature on North Korea’s cyber capabilities and their implications for international security has not been well-developed yet and remains fragmented” 2
• Purpose of report = “seek to explore their implications for international security and come up with the best security strategies that successfully handle Pyongyang’s accelerating cyber threats/attacks” 2
• Asymmetric weaponry – cyber offensive capabilities 2
• 3 reasons for developing cyber capabilities 2
  o 1. Counterbalance the gap between them and the US/South Korea
  o 2. Causing disruption to adversaries with little risk of retaliation
  o 3. Financing the impoverished nation
• “North Korea has emerged as a formidable actor in cyberspace. Currently, few states in the world can outperform North Korea’s advanced cyberwarfare skills” 12
• ^some disagree with this 12
  o “powerful states are immune to conventional attack”…”therefore, North Korea’s cyberwarfare capabilities may not be a significant threat to international security”
• “Pyongyang has effectively used cyber capabilities to achieve its foreign policy goals” 12
• “North Korea’s cyber operations [are] quite successful because they have ‘achieved all their aims at a low cost’” 12
• Attention should be kept on their nuclear programs

https://en.asaninst.org/contents/the-evolution-of-north-korean-cyber-threats/ (2019)

• “cyber operations are low-cost and low-risk, allowing North Korea to counter countries which have highly computer-dependent infrastructure with little fear of retaliation”
• “due to their low-intensity, these attacks often lie beneath the threshold of an armed attack, reducing the risk of escalating the conflict to an unaffordable level”
• Major shifts observed
  o 1. Increased cyber-attacks aimed at financial gain
  o 2. Decrease in visibility of cyber operations (rise in speculation)
• Distributed Denial of Service (DDoS) attacks: “the intentional paralyzing of a computer network by flooding it with data sent simultaneously from many individual computers” -> it is one of the most disruptive things in cyberspace as DDoS can block all of a targeted computer system at once
• “North Korea’s cyber activities became increasingly oriented towards information gathering especially related to South Korea’s strategies and military capabilities”
• Rise in targeting of financial institutions and decrease in espionage
• There are some nice charts in here
• “identifying patterns in past attacks and understanding the reasons for these attacks can help South Korea better prepare for their future”
• “the U.S. and the U.K. have responded to cyber-attacks by explicitly naming the culprits and the organizations beyond these attacks”
• APEC, ASEAN, NATO might offer some solutions
• Recommendations
  o “South Korea must keep a close watch on espionage activities in order to correctly estimate North Korea’s capabilities”
  o “addressing vulnerable systems must be prioritized according to standardized risk approach”
  o “South Korea could benefit from establishing closer collaboration, both on a bilateral and multilateral level, with the countries which have experienced or become the victims of the North Korean cyber-attacks.” -> “intelligence sharing can help all parties involved to overcome their security problems by addressing each party’s system weakness.”
  o “South Korea could participate and help restart the UN Group of Government Experts process since it became stalled in 2017”
  o Looking at Russia’s use of social media, “South Korean social media is a fertile ground for North Korea to exploit”…”a holistic approach would necessitate a more comprehensive and updated Cyber Security Master Plan including counter-measures against manipulation of social media”

https://www.bbc.com/news/business-59990477

• “North Korean hackers stole almost $400m (291 Euros) worth of digital assets in at least seven attacks on cryptocurrency platforms last year”
• “North Korea has routinely denied being involved in hack attacks attributed to them” -> this may be one of the main difficulties of dealing with them
• “the hackers used a number of techniques, including phishing lures, code exploits and malware to siphon funds from the organizations’ hot wallets and then moved them into North Korea-controlled addresses”
• “cryptocurrency hot wallets are connected to the internet and cryptocurrency network and so are vulnerable to hacking. They are used to send and receive cryptocurrency, and allow users to view how many tokens they have”
• “Chainalysis said it is likely that many of last year’s attacks were conducted by the so-called Lazarus Group” -> “the group is believed to be controlled by North Korea’s primary intelligence bureau, the Reconnaissance General Bureau”
• “A United Nations panel that monitors sanctions on North Korea has accused Pyongyang of using stolen funds to support its nuclear and ballistic missile programmes as a way to avoid international sanctions”

https://foreignpolicy.com/2022/02/09/north-korea-knows-how-important-its-cyberattacks-are/

• Here

https://thediplomat.com/2022/07/mapping-major-milestones-in-the-evolution-of-north-koreas-cyber-program/

• North Korea’s offensive cyber program has been developing for over 35 years
• They have shifted from “disruptive cyberattacks and cyber intrusions primarily targeting South Korean government agencies to hacking banks and cryptocurrency exchanges located both on and off the Korean Peninsula”
• “there is relatively little investigation into the potential origins of the country’s cyber program” -> the source says this part is important to understand so that bilateral cybersecurity strategy can be improved
• “North Korean society has been inherently linked to the military since the founding of the country in 1945”
• “all North Korean men are required to serve in the military for 10 years” -> they then recruit the high-scoring graduates for intelligence
• “Pyongyang established three institutions that significantly contributed to advancing the country’s offensive cyber program: Mirim College (1984), the Pyongyang Informatics/Information Center (1986), and the Korea Computer Center (1990)”
• “after the fall of the Soviet Union in 1991, North Korean nationals who had previously studied at Frunze Military Academy, one of the most prestigious military educational institutions in the Soviet Union, began to lead computer science and hacking courses at Mirim College”
• This college has trained 1,300 hackers + 6,000 hackers involved in illicit cyber activity
• The Sunshine Policy – from 198 to 2008 “South Korea abandoned its former defensive approach to Pyongyang and pursued ‘flexible reciprocity’ meaning that Seoul would offer economic and political concessions without North Korea having to meet any specific conditions in the hopes of eventual behavioral change”
  o Though this was a failure because North Korea resumed its nuclear development in secret -> diplomatic superficial victories
  o The policy “included numerous educational and technical exchanges between North and South Korea”
  o “While Seoul’s intent was to marry ‘South Korea’s outstanding IT expertise with North Korea’s remarkable labor force to share and develop cutting-edge technology together’ the sheer level of illicit cyber operations conducted against South Korean cyber infrastructure and technology just several years after these educational exchanges occurred indicated the need for further research into the actual applications of the knowledge obtained during this period”
  o “other foreign institutions, including U.S. universities, provided technical support and training to North Korean students” (starting in 2002) -> the concern here is the “misuse of information in subsequent years”
  o There has been “continued academic and technical support from Beijing and Moscow”