What Do We Know About Past North Korean Cyber Attacks and their Capabilities?
December 12, 2014
*The recent cyber-attack on Sony Pictures Entertainment and the subsequent allegations of North Korea’s involvement in the attack led many to wonder about North Korea’s capability to conduct disruptive and/or destructive operations in cyberspace.At the time of this writing, investigation is ongoing and the evidences revealed so far is not conclusive enough to successfully attribute the attack to North Korea. While this article is not aimed at reaching a conclusion on North Korea’s role in the Sony Pictures Entertainment attack, it aims to provide further context for readers on North Korea’s cyber operations capabilities in an effort to further illuminate the current situation.
Against South Korea, North Korea allegedly has already carried out a series of disruptive and destructive operations in the past few years. Discounting previous distributed denial-of-service (DDoS) attacks on websites, the first major cyber-attack attributed to North Korea was on April 12, 2011, which paralyzed online banking and credit card services of Nonghyup Agricultural Bank for its 30 million customers. This is the first instance where North Korea used a disc wiping tool. While its ATMs were fixed within a couple days, some of the online services had taken more than two weeks to return to normal operating status, with 273 out of 587 servers destroyed. The second incident occurred in March 20, 2013, which used similar but improved tactics from April 2011. It was timed to simultaneously target multiple banks and broadcasting agencies with disc wiping tools and was preceded by an extensive advanced persistent threat campaign. The scale of the March 20 attack demonstrated that North Korea has at least one dedicated, permanent cyber unit directed against carefully selected targets and that they have the means to penetrate, exploit, and disrupt target systems and networks with sufficient secrecy.
The Korea Platform is made possible by the generous support of Samsung Electronics America.