Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Zenger
Zenger
World
Aveek Bhowmik

North Korean Hackers Focused On Espionage, Report Reveals

People watch a television broadcast showing a file image of a North Korean leader Kim Jong-Un at the Seoul Railway Station on May 31, 2023 in Seoul, South Korea. The notorious hacking group Lazarus primarily targets global entities within North Korea's cyber-operations landscape notorious hacking group Lazarus primarily targets global entities. CHUNG SUNG-JUN/GETTY IMAGES

A new report by a cyber-intelligence company challenges the perception of North Korean hackers solely engaged in financially motivated cybercrimes and cryptocurrency heists. Instead, the report reveals that their primary focus lies in cyber espionage and information collection.

What Happened: The report by Recorded Future states that North Korea’s cyber espionage operations outweigh its financially motivated cybercrimes, according to Foreign Policy. The report highlights North Korea’s focus on information collection and targeting of government entities and neighboring countries in Asia, while also engaging in high-profile cryptocurrency heists.

Over 14 years, Recorded Future analyzed 273 cyberattacks linked to North Korean state-sponsored groups. More than 70 percent of these attacks were driven by the goal of information collection rather than financial gain.

“What this report shows is that they’re still heavily focused on information collection, or cyber-espionage, and they conduct more of those operations than they do financially motivated or financial theft operations,” Mitch Haszard, a senior threat intelligence analyst at Recorded Future and lead author of the report, was quoted as saying by Foreign Policy.

The report sheds light on Pyongyang’s objectives, emphasizing its interest in gaining “insight into how its adversaries think” and “access to information on technologies” that could be advantageous in potential conflicts. Government entities are the most frequent targets, followed by cryptocurrency exchanges, media outlets, finance organizations, defense institutions and nongovernmental organizations.

But North Korea’s fascination with cryptocurrency is what sets it apart, as it employs cyber-operations as a crucial means to fund its nuclear arsenal. Anne Neuberger, President Joe Biden‘s deputy national security adviser for cyber and emerging technology, said that about half the regime’s missile program is financed through cryptocurrency and cyberheists.

Representation of Bitcoin and other cryptocurrencies is seen in this illustration photo taken in Krakow, Poland on June 26, 2023. The idea that North Korean hackers only engage in financially driven cybercrimes and cryptocurrency heists is challisenged by a new research from a cyber-intelligence firm. JAKUB PORZYCKI/NURPHOTO/GETTY IMAGES

“There aren’t really any other states or countries that are trying to steal cryptocurrency, so North Korea is unique in that perspective, but they still do a lot of things that other states do,” Haszard was quoted as saying.

While cryptocurrency heists have been attributed to North Korean hackers, Haszard and his colleagues found that most of their cyber activity focused on targets closer to home. Almost 80 percent of the attacks occurred in Asia, with South Korea being the primary target, accounting for over 65 percent of attacks among the 29 countries targeted. The U.S. ranked a distant second at 8.5 percent.

Within North Korea’s cyber-operations landscape, the notorious hacking group Lazarus primarily targets global entities. However, the most common perpetrator of cyberattacks is a group called Kimsuky, which focuses on Asian government and civil society entities. According to multiple U.S. law enforcement agencies, the hackers often masquerade as South Korean journalists, luring targets with the promise of interviews and then infecting their devices with malware.

Why It Matters: North Korea’s shift towards cyber espionage and information collection raises concerns about their intentions and capabilities in cyberspace. However, compared to other cyber-capable adversaries like Russia and China, North Korea has demonstrated a reduced inclination for conducting large-scale disruptive attacks on critical infrastructure or engaging in ransomware campaigns, states the report.

Produced in association with Benzinga

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.