Ransomware attack suggests Pyongyang
Hackers behind global assault may be targeting China.
They take legitimate jobs as software programmers in the neighbors of their home country, North Korea. When the instructions from Pyongyang come for a hack- ing assault, they are believed to split into groups of three or six, moving around to avoid detection.
Since the 1980s, the reclu- sive North has been known to train cadres of digital soldiers to engage in electronic war-
fare and profiteering exploits against its perceived ene- mies, most notably South Korea and the United States. In recent years, cybersecurity experts say, the North Koreans have spread these agents across the border into China and other Asian countries to help cloak their identities. The strategy also amounts to war-contingency planning in case the home- land is attacked.
Now, this force of North Korean hacker sleeper cells is under new scrutiny in con- nection with the ransom- ware assaults that have roiled much of the world over the past four days. Signs have emerged that suggest North Koreans not only carried out the attacks, but that the targeted victims included China, North Korea’s bene- factor and enabler.
While there is still nothing definitive to link the attacks to North Korea, similarities exist between the ransom- ware used to extort computer users into paying the hack- ers and previously deployed North Korean malware codes.
Moreover, North Korea has in the past deliberately timed cyberattacks to coincide with its banned weapons tests — like the ballistic missile launched Sunday — as a way of subtly flaunting the country’s technological advances despite its global isolation.
Unlike its missile and nuclear weapons tests, however, North Korea has never announced or acknowledged its computer hacking abilities — if anything, the country has denied responsibility for hacking and other forms of computerized crimes.
It also is possible that North Korea had no role in the attacks, which exploited a stolen hacking tool developed by the U.S. National Security Agency. But Security officials in South Korea, the U.S. and elsewhere say it is a well-known fact that the North Korean authorities have long trained squads of hackers and programmers, both to sabotage computers of adversaries and make money for the government, including through the use of ransomware — malicious software that blackmails victims into paying to release seized files.
Choi Sang-myung, an adviser to South Korea’s cyberwar command and a security researcher at Hauri Inc., said that the arithmetic logic in the ransomware attacks that began Friday and have hit more than 100 countries, including China, is similar to that used in previous attacks against Sony Pictures and the Swift international bank messaging system — both of them traced to North Korea.
The technique used by the ransomware resembled that used by the Lazarus Group, the name experts use to identify a North Korea group deemed responsible for the Sony assault.