Increased activity by North Korean state hackers forced South Korea, the United States and Japan to create a special advisory group to coordinate cybersecurity efforts. The idea of consolidating efforts, apparently, was discussed back in August, at the international summit at Camp David.
The decision was made last week following negotiations in Washington between Anne Neuberger, U.S. deputy national security adviser for cyber and emerging technologies, and her South Korean and Japanese colleagues.
As part of the initiative, regular quarterly meetings will be held in a new format.
North Korean hackers are state-sponsored
North Korea is often accused of cyberattacks aimed at financing its missile and nuclear programs. As noted in a recent UN report, in 2022, hackers working for the DPRK were particularly likely to attack foreign companies to steal cryptocurrency. Thanks to high-tech methods, record amounts were stolen compared to previous years.
The UN said most of the cyberattacks its researchers looked at were carried out by groups controlled by North Korea’s top spy agency. These groups include Kimsuky, Lazarus Group and Andariel, and are monitored by the cybersecurity industry in the US, Europe and Asia.
For example, the media reported that the FBI has officially linked the hack of the Harmony Horizon cross-chain bridge to the Lazarus Group. The robbery, which took place in summer 2022, resulted in the theft of $100 million worth of cryptocurrency assets.
North Korea’s cyber threat activity has been growing over recent years
Aside from country-specific cyberattacks, North Korean hackers also launch supply chain attacks. For example, in April we reported that a group linked to the authorities of the Asian dictatorship attacked the supply chain of the company 3CX, which led to a number of other supply chain attacks.
According to experts, the UNC4736 hackers were associated with the financially motivated hacker group Lazarus from North Korea.
We also wrote about North Korean cybercriminals hunting IT specialists. Attackers have sought to infect researchers’ home systems and software with malware, aiming to infiltrate the networks of the companies their targets work for.
For this spy campaign, government groups switched from phishing emails to fake LinkedIn accounts allegedly belonging to HR. These accounts carefully imitate the identities of real people in order to deceive victims and increase the chances of a successful attack.
Having contacted the victim and made them an “interesting” job offer, the attackers try to move the conversation to WhatsApp, and then use either the messenger itself or email to deliver a backdoor, which the researchers called Plankwalk, as well as other malware.
North Korea as part of a new axis of evil
The North Korean regime is dangerous not only because it sponsors cyber attacks on Western enterprises and companies, and not only because of repression against its citizens and the testing of new missiles that threaten the democratic countries of the Pacific region.
Recently, the Russian and North Korean dictatorships agreed to supply Korean weapons for use during the Russian invasion of Ukraine. CNN reported that more than a million artillery shells were transferred to Russia as part of this agreement.
Therefore, news about the consolidation of efforts in the fight against regimes that carry out certain actions that violate human rights can only be welcomed. Cyberspace has become a battlefield not only against crime – the confrontation in cyberspace is already taking place at the interstate level.