The latest Security Briefing from HP covers the cyber-landscape inside the Democratic People’s Republic of Korea (DPRK), known in the West as North Korea, and into how that nation pursues its military agenda online. For the report in full visit the HP website.
North Korea has a military-focused society and an unconventional technology infrastructure. Due to North Korea’s hostility toward other nations, its pursuit of nuclear weapons, and its human rights violations against its own citizens, the United Nations and many Western entities have placed sanctions and embargoes against North Korea. That said, the nation has continued its tradition of asymmetric warfare into the age of the Internet, with a remarkable commitment to developing cyber warfare capabilities even as it copes with aging infrastructure.
While those capabilities are of particular interest from a national security perspective, available intelligence on this topic is limited due to the nature of North Korea’s Internet infrastructure and the regime’s strict control over its use. This security briefing takes a look at North Korea’s known cyber-capabilities and how the country maintains secrecy in these matters.
Due to North Korea’s global interactions, its cyber warfare capabilities are of particular interest to the United States. According to a 2009 report, North Korean hackers have successfully penetrated US defense networks more frequently than any other country that has targeted those assets. While one would expect the regime’s digital infrastructure to suffer from aging or lack of resources, these factors do not take away from its technical abilities to wage cyber warfare.
While the US views North Korea’s cyber warfare program as the regime’s foray into modern asymmetrical warfare, its neighbor to the south views those cyber capabilities as a terroristic threat — preparations for a multifaceted attack, one that will happen sooner rather than later. Over the past two years alone, South Korea estimates that the North has nearly doubled the number of personnel trained and tasked with carrying out cyberattacks. It is of particular interest that much of North Korea’s cyber activity coincides with the annual U.S. – South Korea joint military exercises. Attacks not following that pattern were typically in response to political events impacting the regime or correlated with significant dates, such as the anniversary of the start of the Korean War. Our report digs into attacks that have taken place to date and how they were carried out.
Obtaining details on North Korea’s cyber warfare capability is not an easy task. Through information obtained via open source intelligence (OSINT) and from original analysis by HPSR malware researchers, we present what is known about North Korea’s cyber warfare programs and its supporting intelligence and psychological operations capabilities.
From the report
North Korea even uses “trolling” as a PSYOP tactic. On the internet, “trolls” are users who post messages that are often crass, controversial, inflammatory, or offensive, in order to evoke a strong reaction or influence a reader’s opinion. Often, the motivation for trolling is simply for the troll’s enjoyment. The rude and offensive trolling tactics are in stark contrast to traditional forms of persuasive rhetoric. However, North Korea reportedly uses over 200 military intelligence operatives to troll South Korean message boards and social media pages with pro-North Korean sentiments.
