North Korea’s cyber workforce, despite its small size, has proven to be exceptionally nimble and skilled in conducting hacking operations. This is according to Michael Barnhart, Mandiant’s lead on DPRK cyber collection, analysis, reporting, and tracking. Despite the focus on attributing cyberattacks to North Korea, Barnhart suggests that Kim Jong Un is intentionally creating confusion, making it difficult for experts to track his activities.
The muddling of cyber operations by North Korea has become even more pronounced since the outbreak of the COVID-19 pandemic. Mandiant’s analysis suggests that the regime had to modify its operations in 2020 due to hardened borders around the world and within the Korean Peninsula and China. As a result, North Korean hackers had to become more resourceful, collaborating and communicating more frequently.
One notable aspect of North Korea’s cyber workforce is its ability to quickly shift between different types of cyber operations. Unlike other countries with established cyber units, which have specialized teams for offensive and defensive activities, North Korea’s hackers are skilled in various types of attacks. Barnhart describes this flexibility as “unreal,” highlighting the case of Park Jin Hyok, who is currently on the FBI’s most-wanted list. Park has been involved in sophisticated attacks such as the Sony hack in 2014, the theft of $81 million from Bangladesh Bank in 2016, the development of WannaCry ransomware, and the infiltration of US defense contractors.
The skill and agility of North Korea’s cyber workforce pose significant challenges for those trying to counter their activities. While attribution remains important, it is now clear that North Korea is intentionally muddling the trails and making it difficult for experts to track their operations. This raises the question of whether a different approach is needed to deal with North Korean cyber threats.
The COVID-19 pandemic has created an environment where cyber threats have become more prevalent, with countries and organizations becoming more vulnerable to attacks. North Korea has taken advantage of this situation to further its own interests. By collaborating and communicating more frequently, North Korean hackers have become more effective in carrying out their missions.
As the rest of the world struggles to contain the impact of the pandemic, North Korea’s cyber workforce continues to punch above its weight. Despite its small size, it possesses a range of skills and capabilities that make it a formidable adversary in cyberspace. The ability to shift between different types of attacks and maintain a high level of execution is a testament to the expertise of North Korean hackers.
Addressing this threat requires a comprehensive approach that goes beyond traditional attribution methods. While knowing who is behind a cyberattack is important, it may not be enough to effectively counter North Korea’s cyber operations. As they continue to muddle their activities and adapt to changing circumstances, it becomes imperative for governments and organizations to enhance their cybersecurity measures and develop strategies that can withstand the challenges posed by North Korean hackers.
In conclusion, North Korea’s cyber workforce has proven to be skilled, agile, and adaptable. Their ability to conduct a wide range of cyber operations and maintain a high level of execution poses significant challenges for those trying to track and counter their activities. As the world grapples with the ongoing COVID-19 pandemic, it is crucial for governments and organizations to prioritize cybersecurity and develop innovative approaches to deal with the evolving cyber threats posed by North Korea.