United States Warns of Increasing Cyber Threat from North Korea
North Korea's malicious cyber operations are targeting the financial industry more and more.
The U.S. Federal Bureau of Investigation, and the State, Treasury and Homeland Security departments issued a detailed 12-page advisory on April 15 alerting the nation to an increased threat of malicious cyber activity by North Korea. The U.S. government’s advisory warned financial entities in particular of aggressive action by North Korea intended to harm the financial system, as well as threats to critical infrastructure.
“[We] are issuing this advisory as a comprehensive resource on the North Korean cyber threat for the international community, network defenders and the public,” the U.S. government entities stated. “The Democratic People’s Republic of Korea’s (DPRK’s) malicious cyber activities threaten the United States and the broader international community and, in particular, pose a significant threat to the integrity and stability of the international financial system.”
Last year, the Office of the Director of National Intelligence, in its annual Worldwide Threat Assessment from the U.S. Intelligence Community, asserted that Pyongyang’s cyber criminals tried to steal more than $1.1 billion from financial institutions across the world.
North Korea is most likely pursuing cyber assault to generate revenue for the country’s weapons of mass destruction and ballistic missile programs, according to the advisory.
“In particular, the United States is deeply concerned about North Korea’s malicious cyber activities, which the U.S. government refers to as HIDDEN COBRA,” the U.S. government entities stated. “The DPRK has the capability to conduct disruptive or destructive cyber activities affecting U.S. critical infrastructure. The DPRK also uses cyber capabilities to steal from financial institutions and has demonstrated a pattern of disruptive and harmful cyber activity that is wholly inconsistent with the growing international consensus on what constitutes responsible state behavior in cyberspace.”
North Korea sponsors cyber marauders—including hackers, cryptologists, and software developers—that “conduct espionage, cyber-enabled theft targeting financial institutions and digital currency exchanges, and politically motivated operations against foreign media companies,” the advisory stated. The ability of the cyber criminals has increased and the wide range of malware tools they use around the world in cyber attacks are increasingly sophisticated.
“It is vital for the international community, network defenders and the public to stay vigilant and to work together to mitigate the cyber threat posed by North Korea,” the U.S. government stated.
The State Department is offering rewards for information about illicit DPRK activities in cyberspace through its so-called Rewards for Justice program.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA, is providing reports that outline the technical details of the tools and infrastructure used by DPRK cyber actors, as well as documents on cybersecurity and infrastructure security knowledge and practices to help organizations improve their cyber risk management. Additionally, CISA supplies cybersecurity and infrastructure security knowledge and practices to its stakeholders.
In addition, the FBI issues FBI Private Industry Notifications, or PINs, which provide current information about potential cyber threats and FBI Liaison Alert System, or FLASH reports, which contain actionable intelligence to assist cybersecurity professionals and system administrators against digital attacks.
Lastly, the Department of Defense, through the U.S. Cyber Command, actively searches for DPRK malicious cyber activities, including malware designed to exploit financial institutions. The advisory noted that Cyber Command’s malware information to aid cybersecurity can be found on the following Twitter accounts: @US_CYBERCOM and @CNMF_VirusAlert.