North Korea’s state-sponsored hackers, under the command of Supreme Leader Kim Jong-Un, are continually improving their cyber capabilities, focusing on espionage and financial crimes, reveals a report by Google’s Mandiant threat intelligence group.
Despite having a population of only 25 million, North Korea has been responsible for stealing over $3 billion in the last five years. The stolen funds have been used to support missile and nuclear programs. The report also suggests that North Korea has changed how it organizes its cyber assets, possibly because of the COVID-19 pandemic, adopting a more fluid approach similar to China’s tactics.
Mandiant identifies several hacking groups linked to North Korea, some primarily financially motivated, while others focus on cyberespionage and cyber operations. These groups include Andariel, TEMP.Hermit (associated with the Lazarus Group), AppleJeus, APT37, APT38 (known for financial theft), APT43 (focused on South Korea and U.S. organizations), CryptoCore (engaged in cryptocurrency theft), TraderTraitor, and skilled IT workers placed abroad by the regime. These groups often overlap and may engage in various malicious activities, which makes tracking and attribution challenging for defenders.
North Korea is also known for its innovative approaches, including the use of Linux and macOS malware and supply chain attacks. Mandiant’s report sheds light on the evolving and complex nature of North Korean cyber operations, highlighting an adaptability and agility that pose significant challenges for cybersecurity efforts globally.