Ransomware attack suggests Pyongyang
Hackers behind global assault may be targeting China.
S EOUL, SOUTH KOREA — They take legitimate jobs as software programmers in the neighbors of their home country, North Korea. When the instructions from Pyongyang come for a hacking assault, they are believed to split into groups of three or six, moving around to avoid detection.
Since the 1980s, the reclusive North has been known to train cadres of digital soldiers to engage in electronic warfare and profiteering exploits against its perceived enemies, most notably South Korea and the United States. In recent years, cybersecurity experts say, the North Koreans have spread these agents ac ross the border into China and other Asian countries to help cloak their identities. The strategy also amounts to war-contingency planning in case the homeland is attacked.
Now, this force of North Korean hacker sleeper cells is under new scrutiny in connection with the ransomware assaults that have roiled much of the world over the past four days. Signs have emerged that suggest North Koreans not only c arried out the attacks, but that the targeted victims included China, North Korea’s benefactor and enabler.
While there is still nothing definitive to link the attacks to North Korea, similarities exist between the ransomware used to extort computer users into paying the hackers and previously deployed North Korean malware codes.
Moreover, North Korea has in the past deliberately timed cyberattacks to coincide with its banned weapons tests — like the ballistic missile launched Sunday — as a way of subtly flaunting the country’s technological advances despite its global isolation.
Un l i ke i t s mi s s i l e a n d nuclear weapons tests, however, North Korea has never announced or acknowledged its computer hacking abilities — if anything, the country has denied responsibility for hacking and other forms of computerized crimes.
I t a l s o i s pos s i bl e t hat North Korea had no role in the attacks, which exploited a stolen hacking tool developed by the U.S. National Security Agency. But Security officials in South Korea, the U.S. and elsewhere say it is a well-known fact that the North Korean authorities have long trained squads of hackers and programmers, both to sabotage computers of adversaries and make money for the government, including through the use of ransomware — malicious software that blackmails victims into paying to release seized files.
C h o i S a n g - my u n g , a n advi ser to South Korea’s cyberwar command and a security researcher at Hauri Inc., said that the arithmetic logic in the ransomware attacks that began Friday and have hit more than 100 countries, including China, is similar to that used in previous attacks against Sony Pictures and the Swift international bank messaging system — both of them traced to North Korea.
The technique used by the ransomware resembled that used by the L azarus Group, the name experts use to identify a North Korea group deemed responsible for the Sony assault.