North Korea's threat actors operating from other countries

07 May 18

Security firm Recorded Future says that North Korea most likely conducts malicious cyber operations from other countries including India, Malaysia, New Zealand, Nepal, Kenya, Mozambique, Indonesia, and China.

New Zealand may be an unlikely spot for North Korean activity, but the report, titled North Korea’s Ruling Elite Adapt Internet Behavior to Foreign Scrutiny, says it is primarily a hub for BitTorrent, video streaming, and gaming services.

“Over a three-day period in early January, a New Zealand Defence Forces IP attempted to repeatedly connect with North Korean networks. The activity was repetitive and noisy, but was not at the level where it would have caused a disruption of North Korean internet services,” the report claims.

“It is possible that New Zealand countered some North Korean operational activity through actions it undertook in August 2017 to deny visas to North Korean academics and its participation in United Nations and United States sanctions regimes.”

The report says that relations between Malaysia and North Korea have eroded, but North Koreans are still accessing emails from Malaysia.

This is a concern, says Recorded Future, because countries are hosting North Koreans who are conducting ‘illicit revenue-generation activities with the intent of circumventing international sanctions and to obtain advanced education, with the goal of progressing the North’s nuclear weapons and cyber operations programs’.

“North Korea uses its overseas diplomatic establishments, state-run restaurant chain, and citizens living abroad to facilitate illicit revenue generation and nuclear and cyber operations training. Thailand and Bangladesh host North Korean state-run restaurants, diplomatic establishments tied to criminal activity, and allow North Korean investment,” the report says.

North Korean malicious actors often use video counterfeiting and scams against online games and users to prop up the Kim Jong Un regime, the report claims.

Defectors claim they would earn $100,000 per year with 80% sent back to the Kim regime.

The people behind the malicious cyber operations would create counterfeit videogames and bots that could steal digital items for resale at a profit. They would also find and sell new vulnerabilities in gaming software.

While North Korea’s elite internet users continue to change their digital environment, the medium is ‘indispensable’ to the Kim regime, particularly in the area of cyber operations.

“Tactical cyber operations, indicates how indispensable this medium is to the Kim regime. International efforts to restrict the activities and operational scope of this rogue nation must include sanctions or punitive measures on North Korean cyber operations.”
