TOKYO -- Materials from the U.S. Justice Department's charges on Sept. 6 against a North Korean hacker show that the impoverished state is finding ever-craftier ways to carry out the cyberattacks it increasingly depends on to stay afloat.
Park Jin Hyok, named by officials as a member of the so-called Lazarus Group hacking team behind last year's WannaCry global ransomware attack and the 2014 digital attack on Sony, apparently used not only advanced technology but also elaborate reconnaissance work to digitally steal money and sensitive information.
First, Park would obtain a number of email addresses of people affiliated with target businesses from traders dealing in large amounts of personal information. Then he would use the emails to gain an understanding of company employees' fields of interest and personal relationships.
That would let him craft emails that could pass as genuine messages from major companies in content and style, a tactic known as spear phishing. After spending some time building trust, he would send malicious links to websites that would infect a target's computer.
In one case, Park apparently masqueraded as a human resources official at a U.S. defense-linked company to exchange messages with workers at one of the company's competitors.
Last week's charges were said to be the first in years against a North Korean hacker related to high-profile attacks linked to the state. The attack on Sony came as the company was preparing to release a movie called "The Interview," which depicted the assassination of a character resembling North Korean leader Kim Jong Un. The group also allegedly stole $81 million from the central bank of Bangladesh in 2016.
"We stand with our partners to name the North Korean government as the force behind this destructive global cyber campaign," Christopher Wray, director of the Federal Bureau of Investigation, said in a statement on Sept. 6.
The U.S. Treasury also imposed sanctions on Park and a Chinese business he was affiliated with. "We will not allow North Korea to undermine global cybersecurity to advance its interests and generate illicit revenues in violation of our sanctions," Treasury Secretary Steven Mnuchin said in his own statement.
Under Kim, the North has consolidated its cyber forces under its Reconnaissance General Bureau, which handles overseas spying. The state has a team of 6,800, according to the South Korean government, and is counted as one of the five cyber powers along with the U.S., Russia, China and Israel.
The core of cyber operations is a team known as "Bureau 121," established in 1998 by Kim's father, then-leader Kim Jong Il. Bureau 121 is known for its willingness to commit crimes for the sake of bringing in cash.
"The technology behind North Korea's cybercrimes is some of the most advanced in the world," said a source with the U.S. State Department.
Governments and businesses around the world are hurrying to guard themselves from the North's attacks even as its methods grow more sophisticated. Further cooperation between countries' cyberdefense authorities may be key to finding effective solutions.