Countries such as the U.S. and European countries have been busy with preparing countermeasures against everlasting cyber-attacks from North Korea. However, South Korea which is the biggest target for cyber-attack groups from North Korea has been seen uninterested from such attacks.
According to global security companies such as McAfee, Symantec, and Kaspersky, many cyber-attacks that are presumed to be backed by the North Korean Government have been found in the U.S., Europe, and Asia this year. Some attacks were based on new ransomware for the purpose of extortion or abuse of normal programs in order to steal secret information.
It has been shown that the groups have strengthened their cyber-attacks that target national defense industries. Many security companies that analyze cyber-attacks from North Korea pointed out that North Korea has refined its strategies and technologies in order to increase success rate of its attacks. The Ministry of Defense of the government of Israel has been preparing countermeasures while the U.S. and European countries announced their reports on cyber-attacks from North Korea one after the other.
A security company called ClearSky made its analysis report on North Korea’s cyber-attacks public and pointed out that there is a high chance that North Korea was behind the cyber-attack that pretended to be job postings for the aerospace industry and the national defense industry for the U.S. Government. This attack is presumed to succeed penetrating global companies and institutions since the beginning of this year.
McAfee believes that a North Korean hacking group called “Hidden Cobra” is behind cyber-attacks within various aerospace and national defense industries in the first half. This hacking group, which is also called Lazarus, usually uses the “spearfishing” method that extorts information through social technological attacks and harmful e-mails.
Attacks on national defense industry also occurs in South Korea.
“Although South Korea also experiences many cyber-attacks that target our national defense industry, most of the attacks are maintained internally.” said Moon Jong-hyeon who is the director of ESTSecurity Response Center. “North Korea’s hacking group called “Thallium” targets our national defense the most.”
Attacks on the national defense industry have been taking place for a long time. Director Moon told the Electronic Times that North Korean hacking groups have also been interested on South Korea’s aerospace and aviation industries for a while and that North Korea is utilizing cyber-attacks in order to confirm their latest technologies for developing weapons.
He also showed concerns towards South Korea’s disinterest towards North Korea’s cyber-attacks becoming more serious and cyber-attacks becoming more difficult to manage.
“Cyber-attacks from North Korea occur daily.” said Director Moon. “Although insiders know which area cyber-attacks are targeting and who is affected from them, most of them are uninterested or keep attacks secret which makes it difficult for the outside to understand and prepare countermeasures against cyber-attacks.”
“Because many areas are targets for North Korea’s cyber-attacks, most of countermeasures are done individually.” said Director Moon. “Although countermeasures are only effective when information between the financial industry, the national defense industry, and private companies is shared, real-time sharing and early actions are not taken most of the time because they see cyber-attacks as a sensitive issue.”
He also pointed out that the lack of national measures against cyber-attacks within cyber space compared to physical space is also an issue.
“If cyber-attacks on government agencies are not made public, it is difficult for the people to understand such attacks and it is also difficult for information to be shared.” said Director Moon. “There needs to be an appropriate system so that the private and public sectors can take early and joint actions against cyber-attacks from North Korea.”
Staff Reporter Oh, Dain | firstname.lastname@example.org