A new report by a cyber-intelligence company challenges the perception that North Korean hackers are engaged solely in financially motivated cybercrimes and cryptocurrency heists. Instead, the report reveals that their primary focus lies in cyber espionage and information collection.
What Happened: The report by Recorded Future states that North Korea’s cyber espionage operations outweigh its financially motivated cybercrimes, according to Foreign Policy. The report highlights North Korea’s focus on information collection and targeting of government entities and neighboring countries in Asia, while also engaging in high-profile cryptocurrency heists.
Over 14 years, Recorded Future analyzed 273 cyberattacks linked to North Korean state-sponsored groups. More than 70 percent of these attacks were driven by the goal of information collection rather than financial gain.
“What this report shows is that they’re still heavily focused on information collection, or cyber-espionage, and they conduct more of those operations than they do financially motivated or financial theft operations,” Mitch Haszard, a senior threat intelligence analyst at Recorded Future and lead author of the report, was quoted as saying by Foreign Policy.
The report sheds light on Pyongyang’s objectives, emphasizing its interest in gaining “insight into how its adversaries think” and “access to information on technologies” that could be advantageous in potential conflicts. Government entities are the most frequent targets, followed by cryptocurrency exchanges, media outlets, finance organizations, defense institutions and nongovernmental organizations.
But North Korea’s fascination with cryptocurrency is what sets it apart, as it employs cyber-operations as a crucial means to fund its nuclear arsenal. Anne Neuberger, President Joe Biden’s deputy national security adviser for cyber and emerging technology, said that about half the regime’s missile program is financed through cryptocurrency and cyberheists.
“There aren’t really any other states or countries that are trying to steal cryptocurrency, so North Korea is unique in that perspective, but they still do a lot of things that other states do,” Haszard was quoted as saying.
While cryptocurrency heists have been attributed to North Korean hackers, Haszard and his colleagues found that most of their cyber activity focused on targets closer to home. Almost 80 percent of the attacks occurred in Asia, with South Korea being the primary target, accounting for over 65 percent of attacks among the 29 countries targeted. The U.S. ranked a distant second at 8.5 percent.
Within North Korea’s cyber-operations landscape, the notorious hacking group Lazarus primarily targets global entities. However, the most common perpetrator of cyberattacks is a group called Kimsuky, which focuses on Asian government and civil society entities. According to multiple U.S. law enforcement agencies, the hackers often masquerade as South Korean journalists, luring targets with the promise of interviews and then infecting their devices with malware.
Why It Matters: North Korea’s shift towards cyber espionage and information collection raises concerns about its intentions and capabilities in cyberspace. However, compared to other cyber-capable adversaries like Russia and China, North Korea has demonstrated a reduced inclination for conducting large-scale disruptive attacks on critical infrastructure or engaging in ransomware campaigns, the report states.
Produced in association with Benzinga