Another Attack Strategy

From 38 North’s Adam Meyers is some commentary on North Korea during the run-up to the Trump-Kim meeting. He’s certain that North Korea’s Kim will continue to aggressively defend its interests:

In response to the most recent round of UN sanctions, a spokesman of the North Korean Ministry of Foreign Affairs stated: “We define this ‘sanctions resolution’ rigged by the U.S. and its followers as a grave infringement upon the sovereignty of our republic and as an act of war violating peace and stability in the Korean Peninsula and the region.” This initial reaction, now that the ebullience of the PyeongChang 2018 Winter Olympics has passed, should put the world on notice that the Kim regime may see offensive cyber operations as a proportional response to the increasing chokehold of international sanctions. What might such an attack look like?

North Korean operators have been observed over the past several months targeting a variety of organizations that might be seen as viable targets for a retaliation, including financial organizations and defense contractors. North Korean operators would likely use an existing penetration as a jumping off point looking for a high-profile target to inflict damage upon as a show of force. Attacks that occurred during 2016 demonstrated DPRK actors had the capability to penetrate a financial institution and use their processes against them in a currency generation scheme that netted millions of dollars in currency. Based on several other high-profile attacks that followed this watershed event, it is possible that DPRK actors already possess access to organizations that may meet their needs. If a suitable penetration is not present, a new one would be targeted, likely using spear phishing emails or a “watering hole” attack (compromising a legitimate website likely to attract targets of interest who would then be infected with malware). Both techniques have been leveraged by DPRK cyber operators successfully in the past.

The North Koreans will not be angelic during this period prior to the big meeting. Embedded in his commentary is a description of a strategy new to me:

If a suitable penetration is not present, a new one would be targeted, likely using spear phishing emails or a “watering hole” attack (compromising a legitimate website likely to attract targets of interest who would then be infected with malware). Both techniques have been leveraged by DPRK cyber operators successfully in the past.

I’ve fallen way behind on the dark side of programming, I fear.


About Hue White

Former BBS operator; software engineer; cat lackey.
