As Kim Jong-un speaks publicly about nuclear disarmament, North Korea’s hacker army continues to launch cyberattacks against different businesses across Asia, Europe and the U.S., according to private sector analysts and former U.S. officials.
Experts from several cybersecurity firms — Dell SecureWorks, McAfee, Symantec, FireEye and Recorded Future — all told CyberScoop that activity from North Korea has stayed steady or grown in volume since peace talks gained steam earlier this year.
The activities of these Pyongyang-linked hacking groups largely focuses on financial theft and covertly stealing digital secrets. While affected companies have quietly dealt with the onslaught in recent months, their contracted cybersecurity firms confidentially collected and studied recent malware samples that show the North Koreans are still actively developing new iterations of their toolsets.
“Similar to operations conducted prior to that date [circa January], North Korean actors have engaged in broad cyber espionage using a Destover-variant tool, developed and deployed malicious Android applications, and developed more destructive malware,” said Priscilla Moriuchi, a threat intelligence expert with Recorded Future and former NSA analyst focused on East Asia.
“We have seen a heavy concentration of targeting in Southeast Asia and the United States, with some cross over into the Middle East,” McAfee Senior Researcher Ryan Sherstobitoff said. “We have even seen an entire country’s financial sector targeted by Hidden Cobra during this period.”