
North Korea’s Cyber Warfare Capabilities Detailed in New Report

Despite challenges with lack of resources and aging infrastructure, North Korea is committed to developing cyber warfare capabilities, according to a report published by HP last week.

The United States and other countries have placed embargoes and sanctions against North Korea for its hostility and for violating its citizens’ rights. These sanctions make it more difficult to obtain the technology needed to enhance cyber capabilities, but the country doesn’t seem discouraged.

According to HP, there are several factors that make it difficult to gather intelligence on North Korea’s cyber warfare capabilities. One is the fact that most information comes from United States and South Korean military or agency reports, but they usually don’t include classified details such as IP addresses or information on the individual attackers.

Furthermore, many reports coming from South Korea might be biased because of the conflict and tension between the two nations. Another problem is that North Korea is isolated from the rest of the world and the country’s Internet infrastructure is under the regime’s strict control. The strict supervision of the Web means that there are no rogue actors and that all state-sponsored actors are most likely well trained to avoid inadvertent data leaks, while the isolation enables the government to create confusion and spread disinformation about the regime’s capabilities.

On the other hand, the challenges the country faces in developing its cyber warfare capabilities can themselves provide useful information. For example, because the Web is strictly controlled by the regime, independent hacker groups cannot operate, so any cyber activity originating inside the country can be assumed to be sponsored by the government. North Korea is well aware that activity traced back to its territory is automatically associated with the regime, so many state-sponsored attacks are launched instead from cells in China, the United States, South Asia, Europe and even South Korea.

North Korea also cannot launch distributed denial-of-service (DDoS) attacks from its own network, because it has only a limited number of outgoing connections. This hasn't prevented it from conducting such attacks; it simply uses the networks of other nations, or botnets whose command and control (C&C) servers are located in the target's region, HP said.

Pyongyang’s ability to expand infrastructure and computer network operations is limited by factors like unstable power supplies, monetary deficiencies, and the inability to directly obtain the needed technology due to sanctions.

On the other hand, the human element has potential, HP noted. According to recent reports, North Korea has a total of 5,900 elite cyber warriors, which is a considerable increase compared to two years ago when there were roughly 3,000.


The regime's cyberattacks have been aimed mainly at South Korea and the United States, although South Korea may often be quick to attribute any attack on its infrastructure to the North. The operations mostly took place while the U.S. and South Korea were conducting joint military exercises, in response to political events, or on other significant dates, the report said.

Most of the attacks allegedly launched by North Korea involved wiper malware. In many cases, the malicious components were specifically designed to disable security software produced by AhnLab, a South Korean security firm. While different hacker groups have claimed credit for each attack, experts believe the same entity may have been responsible for all of the operations, adopting different names to throw investigators off track.

“While North Korea’s cyber warfare capabilities pale in comparison to those of wealthier nations, the regime has made significant progress in developing its infrastructure and in establishing cyber operations. The rate of this progress warrants a closer look at North Korea’s motivations, TTPs, and capabilities,” HP said.

Unlike North Korea, its main adversaries, the U.S. and South Korea, are high-tech nations. For this reason, Pyongyang's cyber capabilities should not be overestimated. They should not be underestimated either, however, because the country can leverage less advanced tactics, such as DDoS, to successfully cripple its targets.

The complete report on North Korea's cyber threat landscape is available online.

*Updated to fix an error mistakenly mentioning Seoul instead of Pyongyang

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
