Last week, a White House official blamed North Korea for the WannaCry attack in May and noted that Facebook and Microsoft recently took action against the North Korean-linked Lazarus hacker group.
In September, security company FireEye discovered spear phishing e-mails sent to US electric utilities “by known cyber threat actors likely affiliated with the North Korean government”. The company said it stopped the attacks. It remains unclear what information, if any, the hackers obtained.
The potential for North Korea to destroy critical infrastructure without a nuclear weapon has largely been ignored, yet Pyongyang has the cyber capability to cause serious damage.
In 2014, a cyber attack on Sony Pictures destroyed files and leaked e-mails online. The US blamed North Korea for it.
Overall, North Korea’s isolation makes it hard for the US to come up with an effective strategy to counter its cyber attacks.
Washington has had to rely on outside sources for intelligence-gathering, and the North Korean population’s limited access to the Internet means many of its cyber forces operate from outside the nation.
North Korea has consistently used cyber attacks as a distraction from its nuclear program.
Since Pyongyang’s second nuclear test in May 2009, its cyber attacks have targeted South Korea’s critical networks every time there has been a nuclear test.
After its third test in February 2013, South Korean TV stations and a bank suffered from the 3.20 cyber terror attack, known as DarkSeoul.
In January last year, when North Korea conducted its fourth nuclear test, there was a massive spear phishing campaign targeting South Korean public officials, meant to distribute malware to their computers.
After the fifth test in September last year, the South Korean military suffered a major breach that led to the loss of a cache of secret military files.
If North Korea’s assaults on South Korea are indicative of its broader cyber strategy, the North Korean-origin malware discovered in the US electrical grid is likely part of a probe for weaknesses in the US system.
Besides the ability to attack US infrastructure, Pyongyang also wants to send a broader signal that it has the capability to penetrate US systems. Just making the international community aware of this could grant it leverage in any negotiations about its nuclear program.
To tackle this threat, the US must stop other countries from directly and indirectly supporting North Korea’s cyber attacks.
Pyongyang accesses the outside world through a Chinese Internet provider, and North Korean hackers reportedly operate from inside China. A Russian company recently started providing an Internet connection to North Korea, and Iran provides it with equipment.
The Trump administration needs to build new relations with Pyongyang’s allies to weaken the activity of North Korean hackers in their territories.
As with its nuclear program, North Korea will continue to develop its cyber strategy with help from sympathetic regimes while avoiding escalating to a “real” war against the US.
Although we still have most to fear from a nuclear attack, Pyongyang’s threats – and ability – to use its cyber strength are cause for serious concern.