
What we know about North Korea's cyberarmy

Martyn Williams | Dec. 22, 2014
Snippets of information about the secretive regime's cyberops have leaked out over the years.

International Network

North Korea has a single connection to the Internet, so attacks from inside the country would be quite easy to trace. As a result, the country uses computers around the globe to launch attacks. Often these are compromised PCs and the owners have no idea they've been infected with North Korean malware. Some of the initial attacks to help build this network of infected computers are thought to be launched from North Korean outpost offices in places like China, Russia and India.

Operations and attacks

While pinning down the true perpetrator of cyberattacks is incredibly difficult, a number of attacks in recent years have been blamed on North Korea. Some, like the Sony hack, have been high-profile, but many others have gotten much less attention and appear aimed more at earning money than at causing disruption.

July 2009 - Attackers target government websites in the U.S. and South Korea in large-scale distributed denial of service (DDOS) attacks that were later blamed on North Korea.

March 2011 - In an attack dubbed "10 Days of Rain," major South Korean government websites and sites operated by the U.S. military in South Korea are targeted in DDOS attacks.

April 2011 - South Korea's Nonghyup bank is targeted in a DDOS attack that was later traced to North Korea and linked with previous attacks.

August 2011 - South Korean police accuse a North Korean hacking ring of stealing around $6 million in prize money from online games.

November 2011 - A hacker attempts to hack the email system of Korea University's Graduate School of Information Security in an action later blamed on North Korea.

June 2012 - Conservative South Korean newspaper Joong Ang Ilbo is hit by a cyberattack that succeeded in destroying databases. A week earlier, North Korea had threatened the newspaper over its coverage of the country.

March 2013 - A major cyberattack, later blamed on North Korea, paralyzes the networks of several major South Korean TV broadcasters. A bank ATM network is also hit in the attack, which attempted to wipe the hard drives of computers. A second attack pushes the DNS servers of government websites offline for several hours. At around the same time, North Korea's connection with the global Internet goes down for 36 hours.

March 2013 - Responding to the attacks, the hacking group Anonymous targets North Korean websites. It succeeds in breaking into a major North Korean news portal and publishes the names and account details of thousands of subscribers.

June 2013 - Hackers post online the names, social security numbers and other personal information of thousands of U.S. armed forces members stationed in South Korea.

June 2013 - South Korean government DNS servers are targeted by a DDOS attack. Similarities found in the code link it to the March attacks.

 
