North Korea is one of the countries that tightly control access to the Internet, yet its cyber capabilities have been developed to the level of offensive operations. Three South Korean cybersecurity experts presented a conference paper in 2019 titled “The All-Purpose Sword,” which details how North Korea uses cyber operations to project power around the globe. When Sony Pictures Entertainment employees logged onto their computers in November 2014, a red skeleton with the slogan “Guardians of Peace” was waiting for them. Behind the scenes, the malware had already wiped the data on all of the company’s servers as well as on thousands of individual machines. The episode, which became known as “Operation Blockbuster,” was retribution for the comedy film “The Interview,” whose plot involved a conspiracy to murder Kim Jong-un.
The North Korean government has been interested in cyberspace since the 1990s. After carefully examining American superiority in the Gulf, Kosovo, and Iraq Wars and the benefits of a networked force, Kim Jong-Il, the former leader of North Korea, became interested in building a cyber-military. When he was succeeded by his son Kim Jong-un, himself a former computer science student, this objective was accomplished: the supreme leader concentrated on developing the nation’s cyber expertise. Each year, North Korea dispatches 50 to 60 personnel to study computer science overseas with the intention that they return as hackers for its cyber divisions. There are reportedly close to 7000 skilled cyber professionals in the country.
It makes perfect sense for North Korea to choose this path, since in the twenty-first century winning a war means breaking into your adversary’s networks and disrupting them. Its asymmetric cyber capacity has allowed it to launch attacks such as the WannaCry ransomware, which spread across the world and brought down vital systems in many countries.
Several names are used in the security research community to refer to North Korean hacker outfits. Based on the malware naming conventions they employ, North Korean state-sponsored advanced persistent threats (APTs) have been dubbed Lazarus Group, AndAriel, DarkHotel, Bluenoroff, and so on. However, they all frequently originate from the same organizations and departments. Regardless of a target’s diplomatic or economic status, the North Korean leadership sees cyberwarfare as a tool for attacking any location. Their tactics, techniques, and procedures (TTPs) are very practical and put a strong emphasis on efficiency.
Before attacking via spear-phishing emails with links to websites that serve zero-day or one-day browser exploits, they spend a lot of time conducting reconnaissance on targets. They also break into legitimate websites to use them as malware distribution points or as command-and-control servers to which data from their implants is sent back.
To hide their operations, they set up and run shell companies that appear legitimate. North Korea also blends its TTPs with those of friendly nations in order to avoid using IP addresses allotted to North Korea, while maintaining its connectivity to the Internet through physical fiber links in both China and Russia. It frequently sends hacking teams to conduct cyber operations from China, Belarus, Russia, India, and Malaysia, which also gives its personnel the chance to gain tradecraft experience by working abroad.
Because North Korea requires new means of generating income, it adopts innovative strategies such as disseminating malware or targeting cryptocurrency exchanges for additional revenue, as classic methods like counterfeiting or robbing banks become more difficult.
Available information suggests that between 2017 and the end of 2018, they stole about $500 million worth of cryptocurrencies. According to North Korea’s cyber operations policy, effective outcomes can be achieved even with simple, low-tech methods by making good use of domestic resources. The key is the concerted effort.
North Korea’s cyber forces are established under the direction of Supreme Leader Kim, chairman of the State Affairs Commission; the General Staff Department (GSD) and the Reconnaissance General Bureau (RGB) are the key cyber institutions. The RGB, an intelligence organization founded in 2009, is in charge of unconventional, covert operations.
It contains Bureau 121, which consists of multiple smaller departments and is the main office in charge of hacking activities. The main cyber division of Bureau 121 is Lab 110, which is in turn split into three functional offices. Office 98 mainly gathers data on North Korean defectors, the groups that help them, foreign research institutions connected to North Korea, and academics at South Korean universities. By hacking these targets, they can monitor what information is being released and who is leaking it, and then potentially take action against them. Office 414, which includes divisions in both China and North Korea, compiles data on foreign governments and private businesses.
Office 35 is responsible for researching vulnerabilities and creating toolchains, malware, and exploits. Unit 180 and Unit 91 are two more specialist units that fall under Bureau 121. Unit 180 is a cyber-financial operations unit that specializes in stealing money from sources outside North Korea; to keep its actions hidden, it often operates from abroad.
This can entail credit card theft, cryptocurrency theft, and bank robberies such as the one that cost Bangladesh’s central bank about $100 million in 2016 through compromised credentials for the SWIFT wire transfer system.
Unit 91 concentrates on cyberattack operations against critical infrastructure, including power plants and industrial control systems, whose networks are frequently separated from the public Internet and are difficult to breach.
The GSD, North Korea’s main military body, is also active in cyber operations. The Operations Bureau designs missions and strategies and performs cyber planning. The Command Automation Bureau devises strategies for fusing cyber capabilities with traditional military tactics. Unit 31 creates malware, Unit 32 creates military software, and Unit 56 builds command-and-control infrastructure. Last but not least, the Enemy Collapse Sabotage Bureau is responsible for information and psychological warfare.
These many functional domains require a significant amount of mission planning, coordination, and reporting that goes well beyond the purely practical and technical. North Korea has developed these capabilities over time both to harm its enemies and as a way to improve its economic condition.