A cybersecurity expert has warned that North Korean cyberattack techniques have evolved significantly since a DDoS attack in 2009, posing an increasingly serious global threat.
On Wednesday, Mun Chong-hyun, director of the Genians Security Center, discussed the evolution of the North Korean cyber threat at a seminar in Seoul, South Korea, which focused on North Korean hacking realities and countermeasures.
According to a report by the National Intelligence Service (NIS), public institutions in South Korea faced an average of 1.62 million cyberattacks daily in 2023. Mun emphasized that approximately 80 percent of these attacks originated from North Korea.
The North Korean Reconnaissance General Bureau, responsible for military intelligence and espionage, was established in February 2009. The Bureau leads cyberattacks against South Korea, engaging in activities like cyberterrorism and hacker training.
North Korea initiated aggressive cyberattacks following the DDoS attacks on July 7, 2009, specifically targeting South Korean government ministries, media websites, and banks.
Mun emphasized that North Korea employs five distinct attack techniques for hacking. Among these, Spearphishing attacks, which involve attaching malicious files or links to emails, are the most prominent, accounting for 74 percent of all attempts at infiltration.
The director cited a recent case in February 2024, where a reporter from the South Korean broadcasting company SBS was targeted via email by North Korean hackers. The hackers impersonated an employee of the National Assembly Research Service, initially building trust by sending seminar and forum requests before eventually sending malicious links.
Mun also noted that North Korean hackers use specific language expressions, which allowed him to identify attackers from North Korea in the malware code. For instance, attackers referred to the virus as ‘Vee-roos’. “This is a habit in North Korean expression,” he explained.
Furthermore, the director highlighted that other attack methods include planting malicious code on websites, targeting software supply chains, impersonating social networking service accounts, and spreading malicious code by posing as IT developers. He stressed that North Korea is no longer just targeting the government; all citizens are vulnerable. He called for raising national awareness to effectively address the problem.
The seminar was hosted by Park Choong-kwon, a lawmaker and representative of the People Power Party, a prominent political party in South Korea. Park’s background is notable: born in North Korea, he played a key role in the development of the DPRK’s ballistic missile program. However, in 2009, Park defected to South Korea, where he sought to contribute his expertise. His unique perspective and experiences led to his election as the 22nd member of Congress, where he now holds office.
“North Korea’s hacking technology is more advanced than when I was there,” Park said during the seminar. “Cybersecurity is the foundation of the entire national cyber system, and hacking is an urgent issue that Congress must address.”
Related article: South Korea issues warning on North Korean cyber threats at the UN
South Korea highlighted concerns on Thursday regarding North Korea’s cyber activities, malicious attacks being undertaken to generate funds for the nation’s illicit missile programs. South Korea called on the international community to work together to address the pressing threat.
Hwang Joon-kook, South Korea’s ambassador to the United Nations, highlighted North Korea’s cyber activities as one of three areas of concern regarding malicious cyber behavior that the U.N. Security Council should address. “Illicit cyber activities pose significant challenges to the global non-proliferation framework. A prime example is the malicious cyber activities undertaken by North Korea,” the ambassador emphasized.
Hwang highlighted findings from a U.N. expert report published last March, which disclosed that state-sponsored hacking activities fund 40% of the country’s weapons of mass destruction program. These comments were made during an Arria-formula meeting at the U.N. headquarters in New York, themed “Evolving Cyber Threat Landscape and Its Implications for the Maintenance of International Peace and Security.” South Korea spearheaded this informal cybersecurity event in collaboration with two co-hosts: the United States and Japan. READ MORE
