
North Korea Cyber Threat ‘More Aggressive Than China’: US Firm

North Korean hackers are becoming more aggressive than their Chinese counterparts, a leading US cybersecurity firm warned Tuesday, as it identified a Pyongyang-linked group as an “advanced persistent threat”.

It was the first time that FireEye had used the designation for a North Korean-based group.

Analysts say the isolated and impoverished but nuclear-armed North has stepped up hacking operations partly to raise money for the cash-strapped regime, which is subject to multiple sanctions over its atomic weapons and ballistic missile programs.

North Korea has previously been blamed for the WannaCry ransomware that briefly wreaked havoc around the world last year — an accusation it angrily denies.

FireEye said North Korean operatives had expanded their targets beyond South Korea and mounted increasingly sophisticated attacks, adding it had identified a suspected North Korean cyberespionage group it dubbed “APT37” — standing for “advanced persistent threat”.

APT37 was “primarily based in North Korea”, it said, and its choice of targets “aligns with North Korean state interests”.

“We assess with high confidence that this activity is carried out on behalf of the North Korean government,” it added.

APT37 has been active at least since 2012, it said, previously focused on “government, military, defence industrial base and media sector” in the rival South before widening its range to include Japan, Vietnam and the Middle East last year, and industries ranging from chemicals to telecommunications.

“This group should be taken seriously,” FireEye added.

FireEye’s first APT was identified in a 2013 report by company division Mandiant, which said that hackers penetrating US newspapers, government agencies and companies “are based primarily in China and that the Chinese government is aware of them”.

One group, it said then, was believed to be a branch of the People’s Liberation Army in Shanghai called Unit 61398. Five of its members were later indicted by US federal prosecutors on charges of stealing information from US firms, provoking a diplomatic row between Washington and Beijing.

“We have seen both North Korean and Chinese operations range from simplistic to very technically sophisticated,” FireEye’s director of intelligence analysis John Hultquist told AFP.

“The sharpest difference between the two really lies in the aggressive nature of North Korean operations,” he added.

“Whereas Chinese actors have typically favoured quiet espionage, North Korea has demonstrated a willingness to carry out some very aggressive activity, ranging from attack to outright global crime.”

But the WannaCry ransomware, he believes, was the work of a different North Korean group. “Thus far, we have only found APT37 doing the quiet espionage but they are a tool the regime can use aggressively.” 

The North is known to operate an army of thousands of well-trained hackers that have attacked South Korean firms, institutions and even rights groups helping North Korean refugees.

Its cyberwarfare abilities first came to prominence when it was accused of hacking into Sony Pictures Entertainment to take revenge for “The Interview,” a satirical film that mocked its leader Kim Jong Un. 

More recently, according to analysts, the North’s hackers have stepped up campaigns to raise funds by attacking cryptocurrency exchanges as the value of bitcoin and other cybercurrencies soared.  

Written By

AFP 2023
