North Korea is conducting a wide-ranging malicious campaign against the U.S. and global targets, according to several reports. Last month, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Department of Defense released three reports on malware variants used by the North Korean government. This was preceded by an advisory in April from the State Department, the Treasury, Homeland Security and the FBI on the North Korean cyber threat.
“[It is] essentially a taxonomy of everything the [North Koreans] have been caught doing,” Mike Hamilton, chief information security officer of CI Security, told Fox News, referring to the May Malware Analysis reports. “Trying to summarize tactics, techniques, and procedures that everyone can watch out for,” added Hamilton, who previously served as the chief information security officer for the city of Seattle.
One of the driving forces is North Korea’s need to fund its weapons of mass destruction and ballistic missile programs, the government’s April advisory said. The campaigns are insidious because they often appear as ordinary cybercrime. “The North Koreans are pioneers in the organized-crime false flag business,” Hamilton explained. “They are running ransomware extortion groups, which most people just assume comes from organized crime, not a nation-state.”
Hamilton said the aims include cryptomining and financial targets, among others. “They show up as commodity, ‘shotgun blast’ types of untargeted attacks to scoop up CPUs [central processing units] for cryptomining,” he said, referring to the mining of digital currencies. “They also use research and targeting against the finance sector, and non-commodity malware that AV [anti-virus] vendors have never seen,” Hamilton added.
North Korea-sponsored cyber actors include hackers, cryptologists and software developers who are engaged in espionage, theft from financial institutions and digital currency exchanges, and in politically motivated attacks against foreign media companies, according to the April advisory. For example, an investigation into dozens of suspected North Korean cyber-enabled heists revealed that as of late 2019, North Korea had attempted to steal as much as $2 billion worldwide. Then there are extortion and ransomware campaigns. “In some instances, DPRK [North Korea] cyber actors have demanded payment from victims under the guise of long-term paid consulting arrangements in order to ensure that no such future malicious cyber activity takes place,” the advisory said.