In a relatively short period of time, North Korea has evolved its offensive cyber capability from that of a fledgling nation to a global cyber superpower. Having shifted their focus from purely destructive campaigns, which culminated in 2014 with the attack against Sony Pictures, North Korea appears to have shifted to a dual-pronged approach where they prioritize both maintaining control for the current Kim regime, as well as attacks designed to diversify and otherwise energize their economy.
What's notable about North Korea is the rate at which they have modernized the speed of their offensive capabilities as well as the competency they have demonstrated relative to other nation-state actors. According to intelligence reporting, North Korea is the second fastest threat actor in terms of breakout time (how long it takes the actor once inside the network to move laterally). On average, it took North Korea 2 hours & 20 minutes to achieve breakout, whereas it took China an average of about 4 hours and Iran an average of about 5. In terms of their efficacy and the ability to engage in impactful attacks, the US National Security Council contends that North Korea has stolen at least $2 billion USD in the course of its malicious currency generation offensive cyber activity – more than any other known threat actor (both nation-state and criminal).
Given the above, the purpose of this presentation is to illustrate from both a technical perspective as well as a strategy perspective how North Korea became the cyber superpower that they are today. By demonstrating and detonating malware variants that most of the world has never seen, this presentation will review major historical attacks, will assess the malware involved in these attacks, and will review how those attacks played into the larger strategic objectives of the North Korean regime.