November 21, 2017 | Policy Brief

U.S. Government Warns of Continued North Korean Cyber Activities

The U.S. government last week issued two technical alerts on North Korea’s cyber activities targeting the aerospace, telecommunications, finance, government, automotive, and media sectors. North Korea is engaged in cyber-enabled economic warfare and is using its attacks against South Korea and the U.S. to degrade our political and military power. The new alerts indicate that North Korea’s next step is targeting U.S. critical infrastructure, which would result in far greater damage than previous attacks.

In June 2017, the U.S. government issued its first alert on the tools and infrastructure used by North Korean cyber actors, whose malicious activity was given the code name HIDDEN COBRA. The three technical alerts, as well as a malware analysis report issued in August 2017, have informed the public about HIDDEN COBRA’s tactics and capabilities.

Last week’s alerts highlighted the Volgmer and FALLCHILL malware, which allowed North Koreans to infect and remotely access computers worldwide to conduct disruptive espionage and other malicious operations over extended periods of time. The technical alerts are significant because they inform and help U.S. critical industry and infrastructure operators prepare for North Korean cyber attacks.

Pyongyang’s cyber capabilities have improved dramatically in terms of sophistication, as well as their ability to penetrate and destroy targeted systems. For example, in March 2013, North Korean hackers disrupted South Korean banking and news media industries and subsequently destroyed computer hardware with estimated damages of $800 million. Additionally, North Korea targeted and compromised the websites and networks of U.S. Forces Korea (USFK) and South Korea’s defense ministry in 2011. The American public witnessed a glimpse of North Korea’s improved capabilities with the 2014 attack on Sony Pictures Entertainment, which was designed to prevent the release of a movie satirizing Kim Jong Un. The attack led to millions in damages.

While the Sony Pictures and USFK hacks did target U.S.-related entities, last week’s alerts highlight a much graver threat to U.S. national security: they signal that North Korean hackers are now directly targeting U.S. critical infrastructure. The internet security firm FireEye recently reported that North Korean hackers attempted to access U.S. electric companies this year. The new U.S. government alerts about HIDDEN COBRA are a warning to U.S. industry to be vigilant against North Korean malware that would leave their networks vulnerable to cyber-sabotage operations. With Pyongyang’s increasing cyber prowess, the potency of surprise attacks, and increasing bilateral tensions between the U.S. and North Korea, it would be unwise to rule out North Korea striking back at U.S. pressure with a large-scale cyber-sabotage operation targeting U.S. civilian infrastructure.

In no way should Pyongyang’s cyber threat deter U.S. efforts to pressure and isolate North Korea. IT operators and chief information officers of critical U.S. infrastructure companies must not be bystanders to this unfolding crisis. Rather, they must utilize and learn from these new government alerts. Early preparation to strengthen cyber defenses and prevent hacks is the first crucial step to mitigate and overcome the increasing North Korean cyber threat.

Anthony Ruggiero is a senior fellow at the Foundation for Defense of Democracies, where Mathew Ha is a research associate. Anthony was the nonproliferation advisor to the U.S. delegation to the 2005 rounds of the Six-Party Talks and spent more than 17 years in the U.S. government. Follow both on Twitter @_ARuggiero and @Matjunsuk.

Follow the Foundation for Defense of Democracies on Twitter @FDD.

