North Korea doubles units of its cyber army

Pierluigi Paganini July 07, 2014

North Korea has doubled the number of its elite cyber warriors over the past two years and established overseas bases to run hacking attacks.

Most people are unaware that many silent conflicts are under way all over the world; for this reason cyberspace is considered the fifth element of warfare. Unfortunately, the effects of these cyber attacks could be serious and could even threaten a country's population: the Stuxnet case demonstrated the fragility of critical infrastructure and the effectiveness of a cyber weapon.

One of the most intense cyber disputes is the one fought between North Korea and South Korea, two countries with very good cyber capabilities that have in many cases tried to hit each other through cyberspace.

The tension between North Korea and South Korea is very high; both governments are investing heavily to improve their cyber capabilities and to assert supremacy over their rival.

Early this year the Yonhap news agency reported that the government in Seoul was working on the development of a cyber weapon to hit North Korean nuclear facilities. The decision to target those facilities is motivated by Pyongyang's intensified testing of nuclear weapons, conducted underground with controlled explosions.

“Once the second phase plan is established, the cyber command will carry out comprehensive cyber warfare missions,” said a senior ministry official, referring to the possibility of targeting North Korean nuclear plants.

North Korea has the highest percentage of military personnel relative to population: approximately 40 enlisted soldiers per 1,000 people, with a considerable impact on the country's budget. Last year a defector declared that North Korea had increased its cyber warfare unit to a staff of 3,000 people and was intensively training its young prodigies to become professional hackers.

New revelations about North Korea's cyber capabilities are now worrying Seoul: the government in Pyongyang has doubled the number of units in its cyber army. According to a report issued by the news agency, North Korea now has 5,900 cyber warriors, and its cyber army has also established overseas bases for hacking attacks.

“The communist country operates a hacking unit under its General Bureau of Reconnaissance, which is home to some 1,200 professional hackers,” a military source was quoted as saying.

The South’s Yonhap news agency revealed that North Korean cyber units were involved in a series of cyber attacks launched through overseas bases in countries such as China. The North Korean cyber army has repeatedly hit South Korean infrastructure: banks, military entities, media and TV broadcasters were hit with malware and other sophisticated techniques.

In July, McAfee Labs experts revealed that the hackers behind the recent attacks against South Korean infrastructure are professionals who also designed malicious code to steal military secrets from the South Korean and US militaries. The experts said that the malware used during the attacks was expressly designed to find and steal secret information on US forces involved in joint exercises in South Korea.

Researchers dubbed the campaign Operation Troy because of the numerous references to the city in the source code. The malicious code used appears to be the same as that implanted in a social media website used by military personnel in South Korea in 2009.

Ryan Sherstobitoff, a senior threat researcher at McAfee, provided The Associated Press with a report, to be publicly issued later this week, on the analysis of the malware instances detected. Although neither the exact amount of information stolen nor the exact networks penetrated by the attackers is clear, the South Korean government blamed North Korean state-sponsored hackers.

Researchers highlighted various clues in the malicious code that point to North Korea; for example, the password used to unlock encrypted files contains the number 38, probably a reference to the “38th parallel” that separates North from South Korea.

Sherstobitoff started the investigation after the malware-based attacks of March 20th, known as the Dark Seoul Incident, in which tens of thousands of hard drives belonging to television networks and banks in South Korea were wiped.

“This goes deeper than anyone had understood to date, and it’s not just attacks: It’s military espionage,” Sherstobitoff said.

As usual, the North has denied any involvement and accuses South Korea of fabricating the incidents to increase the tension between the states.

Pierluigi Paganini

(Security Affairs –  cyber warfare, Korea)
