U.S. Agencies Warn of North Korean Cyberthreats

U.S. government agencies issued a joint warning of worldwide threat of North Korea cyberattacks on Wednesday, a day after Pyongyang fired a barrage of short-range missiles into waters east of the Korean peninsula, in a show of force that analysts saw as possibly linked to the COVID-19 emergency.

The Departments of State, Treasury, and Homeland Security, and the FBI said North Korea is engaging in cyber theft and money laundering, extortion campaigns, and “cryptojacking” -- taking control of computers to use them to mine cryptocurrency.

“North Korea’s malicious cyber activities threaten the United States and countries around the world and, in particular, pose a significant threat to the integrity and stability of the international financial system,” said the joint statement.

“The United States works closely with like-minded countries to focus attention on and condemn disruptive, destructive, or otherwise destabilizing behavior in cyberspace. It is vital for foreign governments, network defenders, and the public to stay vigilant and to work together to mitigate the cyber threat posed by North Korea,” it said.

It attributed several high profile attacks to Pyongyang, including the 2014 attack of Sony Pictures, the 2016 Bangladesh Bank Heist, and the 2018 digital currency exchange hack.

Experts say the warning – which also carried to advice to mitigate the threat and described a program of rewards of up to $5 million for information – is significant because it indicates that threats from North Korea could increase.

Martyn Williams, editor of the North Korea Tech website, told RFA that the warning showed that North Korean cyberattacks continue to concern the U.S. government and companies based in the U.S.

“If North Korea were doing less cyber activities than before, they wouldn’t be concentrating so much on it. They probably wouldn’t be following it,” said Williams.

“This does indicate that the threats are there and may even be increasing. This is the US government’s attempt to raise awareness to the threats North Korea poses to all kinds of companies and networks,” he added.

Matthew Ha, a research analyst at the Foundation for Defense of Democracies, said “normally, these technical alerts put out by the Cybersecurity and Infrastructures Security Agency (CISA) are meant to be defensive in nature. They are intended to warn potential targets of malicious cyberattacks.”

“This specific alert, however, seems to address the broader threat concern of North Korean cyberattacks that focuses on the financial sector, rather than providing an update on a new malware variant associated with North Korea's hackers,” said Ha.

“Issuing this alert today also seems to be the next step after the U.S. and UK issued a joint malicious cyber alert last week amid the COVID-19 global pandemic. That joint alert addressed no specific nation state actors, but this new alert solely focused around North Korea would make sense from Washington's perspective to remind potential victims, such as banks and cryptocurrency exchanges, to fix any software vulnerabilities,” he added.

“Moreover, this alert is meant to bolster cyber defense against North Korean cyber threats at this uncertain time amid a global health crisis,” said Ha, referring to the global COVID-19 pandemic that has crippled most of the world’s economies.

The cyber alert came as analysts in Washington and Seoul were evaluating the motives behind the barrage of short-range missiles North Korea fired into waters east of the Korean peninsula on Tuesday, the eve of the commemoration of the April 15 birthday of state founder Kim Il Sung, a major holiday known as the Day of the Sun.

North Korea launched what were thought to be cruise missiles Tuesday morning that traveled at low altitude through the air to a point about 93 miles off the east coast of the peninsula, the Associated Press (AP) reported, citing an anonymous official of South Korea’s Joint Chiefs of Staff.

The official told AP that after the first launch, fighter jets fired air to surface missiles into the sea as well, and speculated that the projectile launches might indicate that Pyongyang is resuming military drills it had curtailed due to concerns about the coronavirus pandemic.

But one South Korean expert told RFA’s Korean Service Tuesday that the drill was carried out specifically as a way to commemorate the Day of the Sun without holding events with large crowds under coronavirus controls.

"The 15th is the birthday of Kim Il Sung, but I'm sure that they are not able to hold a big event due to the coronavirus," said Park Young-ho, director of the Peace Research Institute Seoul.

“In this situation, showing military prowess can be interpreted as a kind of political and symbolic message [to the North Korean people] to unite under Kim Jong Un and break through the difficulties [presented by COVID-19].”

North Korea claims it has no confirmed cases of the virus, but experts doubt the claim due to the extensive precautions Pyongyang has taken, likely to prevent the spread of the disease through the country.

Park said he did not believe North Korea’s missile launches might be related to South Korea’s parliamentary elections, which also fell on Wednesday.

“[They know we’ve] become desensitized to North Korea’s frequent missile launches. North Korea would never think that a missile launch alone would have a significant impact on the South Korean parliamentary elections,” he said.

In the elections, former North Korean diplomat Thae Yong Ho, who defected while serving as Pyongyang’s deputy ambassador to the U.K. in 2016, appeared to have won his bid for an assembly seat representing the wealthy Gangnam district of Seoul.

Nam Kwang-Kyu of the Maebong Unification Institute told RFA that the launch of short-range missiles, which are unlikely to cross U.S. or U.N. red lines, were meant to draw attention away from the coronavirus crisis that is dominating the news cycle globally.

“So we can see it as an indirect message to the U.S. The intensity of the provocation is also low, so in that sense it can be interpreted as a message asking for the U.S. to pay attention.”

Mark Fitzpatrick of the London-based-International Institute for Strategic Studies told RFA that the firings likely carried a political message.

“One audience is the North Korean public, which might need reassurance that the authorities are following up on Kim Jong Un's year-end message about developing strategic weapons and also reassurance that the coronavirus is not impeding defense readiness,” he said.

“There is probably an intention to send the same message to the Republic of Korea and to the United States,” said Fitzpatrick.

But Bruce Klingner of the U.S.-based Heritage Foundation downplayed this notion, pointing out that COVID-19 delayed Pyongyang’s annual winter training cycle.

“While there is a tendency to interpret any North Korean military activity as a signal to outside or domestic audiences, it may simply be the military engaged in regular exercises,” Klingner told RFA.

“Short-range missiles are a poor signal since they are not as intimidating as longer-range nuclear capable weapons. A signal of defiance on the eve of the South Korean election would be counter-productive for the regime since it would work against the Moon Jae-in administration's attempts at inter-Korean dialogue,” Klingner added.

Evans Revere, the former principal deputy assistant secretary of state for East Asian and Pacific affairs Evans also told RFA that the launches might be part of normal training exercises, but they may undercut Pyongyang’s public stance that coronavirus is having little effect on the country.

“[The launches] are significant in that the ROK military has confirmed what many of us suspected, that the [Korean People’s Army] KPA's winter training activities have been affected by the coronavirus pandemic,” said Revere.

This report contains comments from sources translated from Korean by Leejin Jun.