
Inside North Korea’s Social Engineering Techniques: Insights from US and South Korea


Cyberwarfare: US, South Korea Detail North Korea’s Social Engineering Techniques

North Korea has a notorious history of cyberattacks and is now targeting the employees of think tanks, academic and research institutions as well as news media organizations. According to a joint advisory by the United States and South Korea, the North Korean threat actors use social engineering techniques and spear-phishing campaigns to target analysts and gather intelligence. The advisory mentions advanced persistent threat (APT) actors such as Kimsuky (also known as Black Banshee, Thallium, and Velvet Chollima) and APT43, currently subordinated to an element within North Korea’s primary military intelligence organization, the Reconnaissance General Bureau (RGB). These APTs compromise policy analysts to gather intelligence used to craft credible spear-phishing emails targeting more sensitive, higher-value targets.

Social Engineering Techniques

The North Korean threat actors conduct broad research and preparation, which includes gathering information on potential targets, creating fake email addresses similar to those of real individuals, and registering domains resembling known internet services and media sites. They use personas to engage targets and often include malicious links or documents embedded with macros in the phishing emails. After initial engagement with the target, the APT tries to compromise their accounts or devices, collecting intelligence on diplomatic efforts, foreign policies, and geopolitical events that impact the interests of North Korea.
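A defender can screen inbound senders for the two spoofing patterns described above: a known contact's mailbox name on a different domain, and a domain that closely resembles a trusted one. The following is an added example, not code from the advisory; the contact list, domains, confusable-character table and threshold are all constructed assumptions.

```python
import difflib

# Constructed sample data (assumptions, not taken from the advisory).
KNOWN_CONTACTS = ["editor@newsdesk.example", "jane.doe@thinktank.example"]
TRUSTED_DOMAINS = ["newsdesk.example", "thinktank.example"]

# Small, illustrative table of visually confusable characters.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(text):
    """Fold confusable characters so 'nevvsdesk' and 'newsdesk' compare equal."""
    return text.lower().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def similarity(a, b):
    return difflib.SequenceMatcher(None, skeleton(a), skeleton(b)).ratio()

def classify_sender(address, threshold=0.85):
    """Return (verdict, matched_reference) for a sender address."""
    address = address.strip().lower()
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        return ("invalid", None)
    if address in KNOWN_CONTACTS:
        return ("known", address)
    # Pattern 1: a real person's mailbox name reused on another domain.
    for contact in KNOWN_CONTACTS:
        c_local, _, c_domain = contact.rpartition("@")
        if local == c_local and domain != c_domain:
            return ("contact-name-on-other-domain", contact)
    # Pattern 2: a domain that is a near match for a trusted one.
    best = max(TRUSTED_DOMAINS, key=lambda d: similarity(domain, d))
    if domain == best:
        return ("trusted-domain", best)
    if similarity(domain, best) >= threshold:
        return ("lookalike-domain", best)
    return ("unknown", None)

if __name__ == "__main__":
    for sender in ["jane.doe@thinktank.example",
                   "jane.doe@thinktank-mail.example",
                   "j.doe@th1nktank.example",
                   "press@nevvsdesk.example",
                   "someone@unrelated.example"]:
        print(sender, "->", classify_sender(sender))
```

Flagged senders are candidates for out-of-band verification with the real contact, not proof of compromise.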

The primary goal of the DPRK regime’s cyber program is to maintain consistent access to intelligence about countries of interest and impede any perceived political, military, or economic threats to the regime’s security and stability, according to the advisory. The advisory also provides a list of indicators that potential targets of North Korea’s social engineering need to be aware of.

Editorial: The Dangers of Cyberwarfare

Since the advent of the internet, cyberattacks have become a common and lethal tool for spying, disruption, and destruction. The North Korean social engineering technique is just one example of how cyberwarfare is becoming more dangerous and sophisticated. Cyberattacks can cripple an entire country, its government, and even military installations.

As cyberwarfare quickly becomes the norm, more countries around the world are developing sophisticated cyber capabilities. North Korea’s cyber capabilities have become increasingly threatening as it uses the internet to conduct espionage and to acquire sensitive information about other countries. While international laws and treaties govern conventional warfare, there is a significant void in the regulation of cyberwarfare, making it uncharted territory with few limitations.

Advice

Given the nature of cyberwarfare, private and public enterprises alike must prioritize internet security. Organizations should train their employees to be cautious of suspicious emails, perform regular backups, and keep security software up to date.

The need for security extends to every stakeholder, including government leaders, policymakers, and industry leaders. International cooperation is also fundamental to mitigating the risks that accompany cyberwarfare. It requires government leaders to work together in developing, implementing, and enforcing cybersecurity laws and regulations.
