China, Russia and Iran each pose evolving cyberthreats to the U.S. government and American companies, but North Korea has the “most innovative” hackers, former intelligence officials and private sector leaders say — in part because they have less money and have to get creative to get results.
Whether it’s snatching credit card data from citizens, unleashing ransomware on corporations or swiping defense secrets from South Korea — North Korea’s hacker army is almost as feared globally as its nuclear arsenal, experts contend.
“While they may lack the technical sophistication of Russia, China or certainly the U.S., I would call the North Koreans the most innovative threat actors in cyberspace,” Dmitri Alperovitch, co-founder of leading cybersecurity firm CrowdStrike, told a global cyberthreats summit Tuesday in Washington.
“If you look at what they have been able to do over the past two decades, they have really pioneered the tradecraft that other have adopted since then,” he added.
Mr. Alperovitch described tactics that Pyongyang’s military elite have refined that range from effective, destructive cyberattacks that hold data ransom to high-profile capers like the infamous Sony Pictures hack of 2014, conducted in retaliation for the making of a comedy that caricatured North Korean leader Kim Jong-un.
North Korea’s hacker army is also directly tasked by the reclusive regime with filling government coffers, especially to support “the budgets of many of the agencies overseeing cyberattacks.”
On Tuesday, news emerged from North Korea that state-funded hackers had recently targeted South Korean digital asset trading platforms specializing in selling cryptocurrencies, like bitcoin.
The hacks were allegedly completed to circumvent sanctions imposed on the regime, and to make money, researchers from the cybersecurity firm Inksit Group found.
Officials in Pyongyang were also running illegal initial coin offering (ICO) — similar to initial public offerings of stock, but for cryptocurrencies.
“Broadly, these types of cryptocurrency scams fit the template of low-level financial crime described by defectors that has plagued South Korea for years, and that the international community is just beginning to track,” Inksit Group said.
“It is a natural step for both a group of actors that has been so embedded in the cryptocurrency world for years and for a network that is being forced to innovate new funding streams to counter the effects of international sanctions,” the firm’s researchers added.
International sanctions on North Korea have largely isolated it from the global financial system, causing Mr. Kim and his officials to seek alternative and often illegal means to transact businesses with international companies.
During the cyberthreat event, hosted by the Foundation for Defense of Democracies think tank, David Maxwell, a senior FDD fellow and retired U.S. Army colonel, lamented that Washington had yet to devise an authoritative response to North Korean cyberattacks.
Frank Cilluffo, director of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security, argued that the U.S. security establishment is more focused on North Korea’s nuclear threat, than the perils posed by its hacking army.
Mr. Maxwell added that because North Korea does not fear a decisive U.S. response to cyber meddling, “it is being emboldened over time” to do more.
• Dan Boylan can be reached at dboylan@washingtontimes.com.
Please read our comment policy before commenting.