August 6, 2020 | Policy Brief

North Korean Cyber Espionage Campaign Seeks to Compensate for Air Power Vulnerabilities

McAfee, a U.S.-based private cybersecurity firm, released a new report last week assessing a North Korean cyber espionage campaign targeting the U.S. defense and aerospace industries. The campaign against these industries reflects Kim Jong Un’s vulnerabilities stemming from South Korea’s formidable airpower acquisitions over the past year.

In 2020, in what McAfee named Operation North Star, North Korean hackers created bogus job offers to trick victims into opening malware-laden documents. The hackers targeted data regarding specific U.S. government projects, which included the F-22 fighter jet program, Aeronautics Integrated Fighter Group, military aircraft modernization programs, and Defense, Space and Security (DSS) programs. The malware implants from this attack collected basic information from the compromised machines to assess the target’s value.

The timing of the attacks and intentional targeting of aerospace and defense companies suggest the hackers wanted to extract information about upgrades to South Korea’s air power capabilities. For instance, in 2019, South Korea deployed several new weapon systems, including the F-35A stealth fighter jet and the unmanned Global Hawk reconnaissance aircraft, both U.S.-made.

Currently, Pyongyang’s air force consists of 110,000 officers and enlisted personnel along with 1,650 aircraft. Despite the large size of the air force, Pyongyang’s combat aircraft are, on average, nearly 20 years older than those of South Korea and the U.S. – and unlikely to survive in any form of combat.

North Korea’s most formidable anti-air capability is the KN-06 surface-to-air missile that debuted in 2017, yet South Korea’s newly acquired F-35A jets could easily destroy North Korea’s existing air defenses.

Cyber espionage, in turn, offers Pyongyang an opening to steal proprietary information regarding Seoul’s latest military upgrades. Such tactics are emblematic of Pyongyang’s asymmetric warfare strategy that exploits its adversaries’ weaknesses.

Operation North Star targeted individuals interested in working on military aircraft modernization programs and the F-22 fighter jet. Military aircraft modernization programs address issues related to system design and mechanics, which could offer keen insights into the planes’ flaws and vulnerabilities. While the F-22 is not deployed to South Korea, it has regularly featured in joint U.S.-South Korea air exercises such as Max Thunder and Vigilant Ace, suggesting it would be part of the alliance’s integrated air operations in future North Korea contingencies.

As South Korea continues to announce new air force acquisitions in 2020, Pyongyang’s hackers will likely continue spying on these key sectors and adjusting the regime’s military capabilities and warfighting plans accordingly.

In anticipation of these future hacks, defense and aerospace companies worldwide should appropriately patch their systems in order to detect and stop these implants earlier on. The targeted companies and industries should also train all employees on best practices for dealing with suspicious spear phishing emails and other deceptive tactics employed by hackers to gain initial access. If they do not, these companies will undermine a critical first line of defense against intrusions.

Mathew Ha is a research analyst focused on North Korea at the Foundation for the Defense of Democracies (FDD), where he also contributes to FDD’s Center on Cyber and Technology Innovation (CCTI). For more analysis from Mathew and CCTI, please subscribe HERE. Follow Mathew on Twitter @MatJunsuk. Follow FDD on Twitter @FDD and @FDD_CCTI. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.

