Because of the ease with which a hacker can misdirect the origins of an assault, it is impossible to attribute a cyberstrike to a specific source. So on the one hand, any evidentiary claims that North Korea was responsible for the recent WannaCry or Petya attacks, or even the Sony Pictures “Interview” hack are bogus. On the other hand, the “quacking duck” theory of circumstantial evidence leads us to the conclusion that the North Koreans are behind all of these, and more.

This matters because it offers a glimpse of the capabilities of North Korea's cyberwarfare operations and, in particular, of the special cell of the North Korean spy agency called Unit 180. If the Trump administration is seriously considering the launch of a cyberbarrage against the North, these are the people it will be up against. And they are formidable.

Unit 180, a part of the Reconnaissance General Bureau (RGB), is one of many specialized cyberteams within the North Korean cybermilitary organization, but it is considered to be the elite front-line force: something like a combination of the Army Rangers, Navy SEALs, and Marine Force Recon in cyberspace.


These are the guys the U.S. InfoSec community believes are responsible for not just WannaCry, Petya and Sony but also the 2016 $81 million cyberheist at the Bangladesh central bank. They are also blamed for a series of other online attacks, mostly on financial networks in the United States, South Korea, and in a dozen other countries, including the Philippines, Vietnam, and Poland.

The objectives of these attacks vary and range from the outright theft of hundreds of millions in sorely needed cash to the most recent and thinly disguised “ransomware” attacks — which instead of being ransomware were in fact probes of varying defenses across industry sectors in multiple countries.

These attacks were initially reported as ransomware because they displayed a message demanding a $300 ransom in Bitcoin from the victims. Anyone who has been paying attention, however, now knows that the payment channel had been shut down. The data that victims expected to get back had been destroyed outright rather than merely encrypted.

No, these attacks were clearly intended to test both the defensive technologies in play and the response mechanisms in place. Both failed miserably. The attacks were broadly successful, and had they been aimed at physical infrastructure in the U.S., such as dams, electrical grids, financial institutions, and transportation hubs, they would have caused disruption and destruction on a massive scale. It is similar to testing a long-range ICBM, but without the media fanfare.

One easily digestible example is the Petya virus embedded in the shipping system at Maersk, the largest global marine transportation company. The infection affected almost every business unit, including container shipping, port and tugboat operations, oil and gas production, drilling services, and oil tankers, and then spread into container-management systems at Indian seaports, where Maersk containers were being unloaded.


Similarly, approximately half of the financial institutions in Ukraine use a tax accounting software package known as M.E.Doc, which carried the infection into all those systems plus any system connected through third parties. The idea was to spread the infection in the same way that a cough does in a crowded subway. And it worked.

North Korea sends its cyberarmy overseas under the cover of being employees of trading firms, overseas branches of North Korean companies, or joint ventures in China or Southeast Asia. These host locations, which besides China include Eastern Europe and Malaysia, have better Internet connections and native IP addresses that make the job of false-flagging easier. This would account for some of the allegations that the Petya and WannaCry strains originated in Russia or Ukraine. Two IT firms in Malaysia are known to have links to North Korea’s RGB spy agency.

It is also known that North Korea hacked into more than 140,000 computers at 160 South Korean companies and government agencies last year, planting malicious code to lay the groundwork for a massive cyberattack on its rival.