North Korean hackers are becoming more aggressive than Chinese hackers, a specialized US company warned on Tuesday, calling a group tied to Pyongyang a “persistent threat.”
This is the first time the US cyber security company FireEye has applied this designation to a North Korean group.
According to analysts, Pyongyang is stepping up cyberattacks in part to find sources of revenue in the face of the multiple sanctions imposed over its ballistic and nuclear programs.
North Korea has been accused of orchestrating last year’s global cyberattack with the WannaCry ransomware, which it denies.
FireEye said it had identified a cyber-espionage group it suspected of being North Korean and named it “APT37” for “Advanced Persistent Threat”.
APT37 “is mainly established in North Korea,” says the company. Its choice of targets “corresponds to the state interests of North Korea” and “we believe with a high degree of certainty that APT37 is acting in support of the North Korean government”.
APT37 has been active since at least 2012. Initially, it targeted “government, military, defence and media sectors” in South Korea before expanding its attacks, targeting Japan in 2017, Vietnam and the Middle East in particular, and sectors ranging from chemicals to telecommunications.
“This group must be taken seriously.”
The company introduced the APT category in 2013, saying that hackers attacking US newspapers, government agencies, and businesses were “China-based” and operating with the knowledge of the Chinese government.
One group, FireEye said, was likely a unit of the Chinese army in Shanghai. Five of its members were later charged by the US justice authorities, which provoked a diplomatic row between Beijing and Washington.
“We’ve seen North Korean and Chinese operations vary from the very simplistic to the technically sophisticated,” says John Hultquist, FireEye’s director of analysis.
“The biggest difference between the two lies in the aggressiveness of North Korean operations.”
“Chinese actors traditionally prefer quiet espionage, but North Korea has shown that it is ready for very aggressive activities, ranging from attacks to real international crime.”
According to him, however, the WannaCry attack is the work of another North Korean group. “For the moment, we have associated APT37 only with discreet espionage, but it is a tool which the regime can use aggressively”.
According to experts, Pyongyang is deploying thousands of seasoned hackers who have attacked South Korean companies, institutions and even groups helping defectors from the North.
Its capabilities in the field were highlighted by the hacking of Sony Pictures Entertainment in 2014, when the North was accused of taking revenge for the movie “The Interview,” a satire mocking its leader Kim Jong-Un.
But the targets have since shifted from political to financial, such as the central bank of Bangladesh or bitcoin trading platforms.