NORTH KOREAN HACKERS – A STATE OUTFIT?
Although North Korea has yet to undergo a fast-paced digital transformation, the proficiency of the hacking it practises puts it among the top in the world. Hacking is the new normal. North Korea leads the pack, with a demonstrated capability for some sensational hacks in recent times. Investigations in many such cases have squarely blamed North Korea for its misdeeds. The state and the non-state actors seem to have blended for a cause. If cyber-attacks are to become the norm, the direction, support and legal safeguards have to be tacitly provided by the state.
There is no gainsaying that the North Korean state leads the attack in most cases, albeit surreptitiously. Unstated state policy has become the cornerstone for a growing number of nation states. It is reported that the South Korean police are investigating whether a North Korean hacker group, which has been accused of stealing from 14 entities, also obtained information on defence technology, which might have included an anti-aircraft laser. The US Federal Bureau of Investigation (FBI), working together with the South Korean police, is trying to determine the nature and extent of the data obtained by the group, known as Andariel.
The connection between state and non-state actors was already confirmed by the US government in 2019. The US Department of the Treasury listed Andariel as a North Korean state-sponsored hacking group. According to that information, the group focuses on malicious cyber operations against foreign businesses, government agencies and the defence industry. This background has led to the current collaboration and investigation support. It is also reported that the cache of data included key South Korean defence secrets. The total stolen data may come to some 250 files, or 1.2 terabytes. A proxy server set up for the purpose was accessed from a district of the North Korean capital 83 times between Dec 2022 and March 2023.
The server was used to access the websites of firms and institutions. The group had deliberately used a South Korean hosting service that rents servers to unidentified clients. Ransomware goes hand in hand with these complex, nefarious technical capabilities. The group is alleged to have extorted $357,866 worth of bitcoin from three South Korean and foreign firms in ransomware attacks. North Korea has always denied these hacks. Some of the bitcoin paid in the ransomware attacks passed through the bank account of a foreign woman and was withdrawn at a bank in China. Obviously, the lady has denied it, and detailed investigations are on.
HAS HACKING BECOME AN ELEMENT OF POLICY FOR SOME NATION STATES?
Have a nice evening.