North Korean Cyber Capabilities in the Operational Environment of the Northeast Asian Region

doi: 10.32567/hm.2024.1.8

Abstract

The paper discusses the organisational structure of cyber capabilities and a hypothetical cyber warfare strategy of the Democratic People’s Republic of Korea (hereinafter referred to as the DPRK or North Korea). It aims to provide a holistic view of North Korean offensive cyberspace activities in the context of security policy in the Northeast Asian region, with a particular focus on the risks posed by strategic cooperation with the People’s Republic of China. The research was based on secondary data collection through analysis of academic literature, press reports and publicly available case studies.

Keywords:

North Korea, DPRK, cyber operations, cyber strategy, cyberwarfare

How to Cite

Lendvai, T. (2024). North Korean Cyber Capabilities in the Operational Environment of the Northeast Asian Region. Military Engineer, 19(1), 143–176. https://doi.org/10.32567/hm.2024.1.8
