N Korea at crossroads

North Korean hackers' evolution on display in US case

Extensive legwork employed to gain trust before attacks unleashed

North Korea's Reconnaissance General Bureau, which is said to have a team of 6,800 hackers, is considered to be one of the globe's five cyberespionage powers, along with the U.S., Russia, China and Israel.   © Reuters

TOKYO -- Materials from the U.S. Justice Department's charges on Sept. 6 against a North Korean hacker show that the impoverished state is finding ever-craftier ways to carry out the cyberattacks it increasingly depends on to stay afloat.

Park Jin Hyok, named by officials as a member of the so-called Lazarus Group hacking team behind last year's WannaCry global ransomware attack and the 2014 digital attack on Sony, apparently used not only advanced technology, but elaborate reconnaissance work to digitally steal money and sensitive information.

First, Park would obtain a number of email addresses of people affiliated with target businesses from traders dealing in large amounts of personal information. Then he would use the emails to gain an understanding of company employees' fields of interest and personal relationships.

That would let him craft emails that could pass as genuine messages from major companies in content and style, a tactic known as spear phishing. After spending some time building trust, he would send malicious links to websites that would infect a target's computer.

In one case, Park apparently masqueraded as a human resources official at a U.S. defense-linked company to exchange messages with workers at one of the company's competitors.

Last week's charges were said to be the first in years against a North Korean hacker related to high-profile attacks linked to the state. The attack on Sony came as the company was preparing to release a movie called "The Interview," which depicted the assassination of a character resembling North Korean leader Kim Jong Un. The group also allegedly stole $81 million from the central bank of Bangladesh in 2016.

A North Korean suspect is wanted by U.S. authorities on suspicion of hacking. (Courtesy of the U.S. Federal Bureau of Investigation)

"We stand with our partners to name the North Korean government as the force behind this destructive global cyber campaign," Christopher Wray, director of the Federal Bureau of Investigation, said in a statement on Sept. 6. 

The U.S. Treasury also imposed sanctions on Park and a Chinese business he was affiliated with. "We will not allow North Korea to undermine global cybersecurity to advance its interests and generate illicit revenues in violation of our sanctions," Treasury Secretary Steven Mnuchin said in his own statement.

Under Kim, the North has consolidated its cyber forces under its Reconnaissance General Bureau, which handles overseas spying. The state has a team of 6,800, according to the South Korean government, and is counted as one of the five cyber powers along with the U.S., Russia, China and Israel.

The core of cyber operations is a team known as "Bureau 121," established in 1998 by Kim's father, then-leader Kim Jong Il. Bureau 121 is known for its willingness to commit crimes for the sake of bringing in cash.

"The technology behind North Korea's cybercrimes is some of the most advanced in the world," said a source with the U.S. State Department.

Governments and businesses around the world are hurrying to guard themselves from the North's attacks even as its methods grow more sophisticated. Further cooperation between countries' cyberdefense authorities may be key to finding effective solutions.
