“The Evolution of North Korean Cyber Threats” by the Asan Institute for Policy Studies said the North’s illegal cyber activities had shifted toward theft in the past decade.
Describing the trends from 2009 to 2018, the report said Pyongyang had focused on distributed denial-of-service (DDoS) attacks in the early years and then moved toward information-gathering operations. More recently, in 2017 and 2018, its cyber activities appeared to be oriented toward stealing money, suggesting that economic sanctions had been effective in putting pressure on the communist regime.
DDoS attacks and information-gathering operations were highly visible in the years from 2009 to 2016. But with increased economic sanctions in recent years, the report said, they might seem to outside observers to have become less frequent.
“It appears cyber thefts have become an integral part of Pyongyang’s strategy as a way of survival,” the report said.
But the report explained that Pyongyang’s cyber strategy had not changed much, and that it was still eager to keep spying to uncover South Korean military secrets. The North only appears to refrain from displaying its capabilities, the report said, because it is aware that countermeasures must also be more sophisticated.
“If caught and punished, North Korea will find it increasingly difficult to bear the economic sanctions pressure,” the report said.
The institute said the North had improved its deception capabilities, making it more difficult for South Korea to detect espionage.
Citing hacker groups linked to the communist regime such as APT37, Lazarus APT Group and Hidden Cobra, the report said they targeted South Korean firms and institutes by exploiting technical vulnerabilities in programs such as Hangul Word Processor and the widely used plug-in ActiveX.
“North Korea’s cyber attacks have become less detectable and less striking than in the past,” it said.