Technicians watch electronic monitoring boards for possible ransomware attacks at the Korea Internet and Security Agency in Seoul on May 15.
© AP
WASHINGTON/MOSCOW -- Cyberwarfare between the U.S. and North Korea is escalating, including the use of military capabilities, according to U.S. media and other reports.
The U.S. military has reportedly conducted cyberattacks under a directive from President Donald Trump aimed at impeding North Korea's access to the internet.
Pyongyang responded to the attacks by routing some of its net connections through Russia, starting in October, adding to its existing access via China. That will make it harder for the U.S. to block North Korea's internet access, raising concern that Pyongyang may step up its own cyberattacks against the U.S.
According to a report in the online edition of The Washington Post, Trump signed a directive to strengthen the U.S. military's cyberattack capabilities to increase pressure on North Korea. The U.S. Cyber Command staged distributed denial of service (DDosS) attacks against the North, in which computers flood servers with traffic to paralyze them. The servers targeted are used by the North's spy agency, the Reconnaissance General Bureau of the Ministry of the People's Armed Forces, according to reports. The attacks were reportedly halted when the directive expired at the end of September.
A website devoted to analyzing North Korea at Johns Hopkins University in Maryland, 38 North, discovered on Sunday that Pyongyang has responded by using a new internet connection set up through TransTelekom, a Russian telecommunications company owned by Russia's state-run railway operator, Russian Railways.
TransTelekom has optical fiber lines along rail lines operated by its parent. The new internet connection may have been established via a railway bridge over the Tumen River, which marks the border between North Korea and Russia.
U.S. soldiers with the 561st Network Operations Squadron talk at Petersen Air Force Base in Colorado Springs, Colorado on July 20, 2015.
© Reuters
On Tuesday, TransTelekom confirmed to The Nikkei that the new internet connection has been set up, saying U.N. sanctions adopted on Sept. 11 do not include telecom services. The Russian company also said it has the right under its contract with North Korea to unilaterally terminate the service if Pyongyang uses it for illegitimate purposes, such as computer hacks.
In 2010, North Korea began using China United Network Communications Group, a Chinese state-run telecom operator also known as China Unicom, for internet access. According to Reuters, 60% of North Korea's access is already directed through Russia, with the rest provided by China.
The North Korean spy agency has a cyberunit as well as a bureau in China. It reportedly staged cyberattacks on Sony's filmmaking subsidiary in the U.S. in 2014, and the theft of $81 million from Bangladesh's central bank in 2016.
The agency is also suspected of involvement in a global ransomware attack in May that targeted the U.K.'s National Health Service and others. That attack may have been designed to snatch foreign currency, specifically bitcoin, a global cryptocurrency.
In line with the Sept. 11 U.N. sanctions, China has stepped up its economic pressure on North Korea, restricting oil exports, banning textile imports and halting financial services to North Korean individuals and companies through major Chinese banks.
North Korea may have turned to the Russian telecom operator to lessen its reliance on China and widen its cyberattack options.
The Trump administration's cyberattacks aimed at choking off North Korea's internet access may now become more difficult, according to Bryce Boland, chief technology officer for the Asia-Pacific at American cybersecurity company Fire Eye.
