It took only a few years for North Korea to advance its cyber capabilities from solely destructive campaigns to sophisticated technical operations. This shift puts North Korea in competition with top nation-state groups and reveals strategic changes in how it plans to support its regime.
"[To say] I'm intrigued is an understatement by what they've done over the years," says Josh Burgess, technical lead and threat intelligence adviser at CrowdStrike. "I've been watching them at least six to seven years, personally, as they progress through their malware campaigns: how they've grown, how they've evolved, how they've done what they've done."
Its financial motivation sets North Korea apart from other nation-state groups, especially the "Big Four" -- Russia, China, Iran, and North Korea, Burgess notes.
Most other nation-state actors are motivated by national security objectives or national economic objectives, with their activity primarily focused on the nation's overall well-being, adds Jason Rivera, director of CrowdStrike's global strategic advisory group, of the differences.
"What North Korea appears to be doing is really around the well-being of the regime, engaging in financially motivated operations for the regime to continue with certain illicit activities," he says.
But financial gain isn't its only differentiating factor, Burgess points out. While its attacks have grown more sophisticated, North Korea has a history of incorporating destruction into cyber activity from attacks dating back to 2007. This isn't often seen in other nation-states or attack groups.
"Everything has a destructive side to it," he explains. "There's a lot of reasons for that. One of the reasons is sabotage -- smashing stuff to smash stuff. And another part is complicating forensics, making it ..
Support the originator by clicking the read the rest link below.
