The CISA, the Federal Bureau of Investigation (FBI), and the Department of the Treasury (Treasury) issued a joint Cybersecurity Advisory (CSA) to warn about Maui ransomware and the North Korean state-sponsored cyber actors inclined to target the healthcare and public health (HPH) sector. Maui ransomware is assumed to have been operational since May 2021. The U.S. federal agencies urged HPH Sector organizations and other critical infrastructure organizations to take preventive steps to avoid compromise in case of a ransomware attack.
According to the advisory, the FBI observed and responded to several incidents in the HPH sector and noted the use of Maui ransomware to encrypt servers of healthcare services such as electronic health records services, diagnostics services, imaging services, and intranet services.
Since 2006, nations have feared the misuse of nuclear weaponry as North Korea conducted several weapon tests to display its nuclear strengths.
However, the country’s cyber activities and attacks on institutions, industries, and the government have forced authorities to acknowledge its cyber capabilities that have been growing to epidemic proportions in the recent past.
Like many countries, North Korea has continued to enhance its military power by advancing and improving cyber weaponry. However, cyberattacks from the East Asian country became prominent after the infamous Sony Pictures breach in 2014.
Sony Pictures Hacked
On the morning of Nov. 24, 2014, employees at Sony Pictures Entertainment’s Los Angeles office were confused to see an image of a skeleton on their computer screens along with a warning that read, “We have already warned you, and this is just a beginning. We continue till our request be met. We have obtained all your internal data, including your secrets and top secrets. If you don’t obey us, we’ll release data shown below to the world.”
The attackers had hacked the company’s corporate network, stolen a massive amount of personal data, and deleted original files while threatening to release the information if the company did not agree to their demands.
Pyongyang hackers called ‘Guardians of Peace’ were behind the attack. They had targeted the company for a satirical movie about North Korean leader Kim Jong Un, Foreign Policy reported.
While North Korea denied any link to the hacking, the FBI held the North Korean government responsible for the incident.
South Korea’s military intranet hack
However, the cyberattack on Sony was just the beginning. In 2016, North Korea hacked South Korea’s military cyber command, which was established to detect and prevent cyberattacks.
The military coders, traced back to the North’s capital, Pyongyang, stole data that included South Korea’s analysis and prediction of the war against the North and a stratagem to decapitate the North by assassinating leader Kim Jong Un, among other confidential documentation, The New Yorker reported.
Though this was not the first breach of the South Korean military by North Korea, it was so severe that, according to the report, Kim Tae-woo, a former president of the Korea Institute for National Unification, a Seoul-based think tank, told the Financial Times, “Part of my mind hopes the South Korean military intentionally leaked the classified documents to the North with the intention of having a second strategy.”
WannaCry Ransomware Attack
In 2017, the WannaCry ransomware spread globally, targeting over 230,000 computers in 150 countries, including government institutions in China, Russia, the United States, and Europe.
Known to be a worm-like crypto-ransomware, WannaCry attacked computers running Microsoft Windows by encrypting data, locking the user out and demanding ransom in Bitcoin cryptocurrency. According to a BBC report, WannaCry was the most significant cyber-attack to have hit the National Health Service (NHS) and other organizations across the globe, with damages ranging from millions to billions of dollars.
Cyber security experts and researchers from Google, Microsoft, Kaspersky Lab, and Symantec, who investigated the breach, noted that the code used for WannaCry resembled the malware used by the North Korean hacking group linked to the Sony Pictures hack and a Bangladesh bank heist in 2016.
In 2018, the U.S. government officially attributed the WannaCry cyberattack to North Korea. However, North Korea ridiculed any links to the cyberattack.
Since 2014, North Korea has continued to advance its digital capabilities and poses a significant cyber threat to financial institutions, government agencies and security networks worldwide.
Security agencies and experts have noted a massive increase in attacks in recent times. According to a 2022 report, North Korea is estimated to have over 7,000 cyber warfare professionals with a 300 percent increase in the activity of the North Korean networks since 2017.
Between January 2020 and February 2021, at least nine cyber breaches and attacks linked to North Korean actors were reported. These attacks targeted healthcare and pharma, financial institutions, Covid-19 vaccine developers and cybersecurity researchers, among others. North Korean hackers have also targeted railroads and automated operating systems linked to railways, and jammed airline GPS signals.
A recent UN investigation also revealed that North Korean cyber-actors stole over $50 million of digital assets between 2020 and mid-2021 by targeting at least three cryptocurrency exchanges in North America, Europe, and Asia.
Why North Korea attacks
North Korea sees cyberspace as a crucial part of its military advancement. According to The New Yorker, it is the only nation whose government supports criminal hacking for monetary gains. The report added that the North Korean intelligence agency, the Reconnaissance General Bureau, is coached and trained specifically for this purpose.
Since its inception, North Korean leaders have taken a keen interest in cybercrime and warfare. North Korean leader Kim Jong-il, after observing the U.S. military operations in Iraq, stated that “in the 21st century, war will be fought as information warfare,” Heritage.org reported. He compared cyber-attacks to nuclear attacks, adding that “War is won and lost by who has greater access to the adversary’s military-technical information in peacetime.”
There has been a significant rise in North Korean cyber-attacks after his son Kim Jong Un came to power in 2011.
According to reports, North Korea started investing extensively in cyber weapons and tactics after its military forces fell short compared with those of the United States and South Korea.
Unlike terrorist organizations, North Korean cyber criminals do not claim responsibility for the cyber-attacks. Moreover, the government has continued to deny any involvement. However, according to a 2019 report on sanctions against North Korea by UN experts, the country has raised two billion dollars through cybercrime and attacks. The stolen money, as experts suggest, is used to fund its nuclear weapon program.
The evident advancement and refinement of North Korean cyber capabilities pose a significant threat to the United States, its allies, and international security networks. Moreover, the mutual confiding in the cyber field among Russia, China, and North Korea in recent years is also a strategic threat to the US. It is essential for security officials and experts to acknowledge the impact of cybercrime initiated by North Korea and enforce regulations to be prepared to counter it.