23 December 2014

HP Security Briefing, episode 16 - Profiling an enigma: North Korea’s cyber threat landscape

August 27, 2014 

In this Security Briefing, we discuss the cyber-landscape inside the Democratic People’s Republic of Korea (DPRK), known in the West as North Korea, and how that nation pursues its military agenda online. You can listen to this episode of the HP Security Briefing podcast on the Web or via iTunes, and you can read or download the detailed companion report here.

North Korea has a military-focused society and an unconventional technology infrastructure. Due to North Korea’s hostility toward other nations, its pursuit of nuclear weapons, and its human rights violations against its own citizens, the United Nations and many Western entities have placed sanctions and embargoes against North Korea. That said, the nation has continued its tradition of asymmetric warfare into the age of the Internet, with a remarkable commitment to developing cyber warfare capabilities even as it copes with aging infrastructure.

While those capabilities are of particular interest from a national security perspective, available intelligence on this topic is limited due to the nature of North Korea’s Internet infrastructure and the regime’s strict control over its use. This security briefing takes a look at North Korea’s known cyber-capabilities and how the country maintains secrecy in these matters.

Due to North Korea’s global interactions, its cyber warfare capabilities are of particular interest to the U.S. According to a 2009 report, North Korean hackers have successfully penetrated U.S. defense networks more frequently than any other country that has targeted those assets. While one would expect the regime’s digital infrastructure to suffer from aging or lack of resources, these factors do not take away from its technical abilities to wage cyber warfare.

While the U.S. views North Korea’s cyber warfare program as the regime’s foray into modern asymmetrical warfare, its neighbor to the south views those cyber capabilities as a terroristic threat -- preparations for a multifaceted attack, one that will happen sooner rather than later. Over the past two years alone, South Korea estimates that the North has nearly doubled the number of personnel trained and tasked with carrying out cyberattacks. It is of particular interest that much of North Korea’s cyber activity coincides with the annual U.S. – South Korea joint military exercises. Attacks not following that pattern were typically in response to political events impacting the regime or correlated with significant dates, such as the anniversary of the start of the Korean War. Our report digs into attacks that have taken place to date and how they were carried out.

Obtaining details on North Korea’s cyber warfare capability is not an easy task. Through information obtained via open source intelligence (OSINT) and from original analysis by HPSR malware researchers, we present what is known about North Korea’s cyber warfare programs and its supporting intelligence and psychological operations capabilities.
