NIS: "North Korea's Cyber Attacks Targeting Defense Technology Will Intensify"

[Asia Economy Reporter Jang Hee-jun] It is anticipated that North Korea will intensify its cyberattacks against South Korea next year. Additionally, since Kim Jong-un presented the strategic goals for defense industry development at the 8th Workers' Party Congress in January last year, there has been a significant increase in attempts to steal South Korea's nuclear power and defense technology.

On the 22nd, the National Intelligence Service (NIS) held a press briefing at the National Cybersecurity Cooperation Center in Pangyo Techno Valley 2, Gyeonggi Province, announcing the "2023 Five Major Cybersecurity Threat Forecasts."

National Intelligence Service

The NIS stated, "Next year, state-backed hacking groups from countries such as North Korea and China will continue hacking to collect advanced technologies related to our nuclear power, space, semiconductors, and defense industries, as well as the South Korea-U.S. North Korea policy strategies." They added, "In particular, North Korea, now in the third year of its national economic development plan, will persist in stealing technical data to fulfill this plan while also intensifying efforts to gather diplomatic and security information."

They further noted, "Considering that North Korea has previously conducted cyberterrorism targeting government and financial networks during times of deteriorated inter-Korean relations or after nuclear tests, there is concern about cyber sabotage attacks linked to military provocations and anti-South Korea propaganda." They warned, "Hacking groups that have learned from the ripple effects of incidents like the 'Kakao incident' and fires at private data centers (IDCs) may attempt destructive cyberattacks on key infrastructure systems to incite social chaos."

They also pointed out that, just as a 'fake' surrender video of Ukrainian President Zelensky circulated early in Russia's invasion of Ukraine, North Korea might use deepfake technology to distribute false videos and conduct operations against South Korea.

Baek Jong-wook, the NIS Deputy Director, explained, "North Korea has shown a pattern of launching cyberattacks in retaliation against international sanctions immediately following nuclear tests. During the 6th nuclear test in June 2017, there were fewer attacks amid a warming atmosphere in inter-Korean relations, but there were many attacks around the failure of the Hanoi U.S.-North Korea summit in 2019."

When asked whether attacks increased after Kim Jong-un instructed the miniaturization and tactical weaponization of nuclear weapons at the 8th Party Congress, he replied, "It definitely has a significant impact."

Regarding whether the president's and ministers' mobile phones could be targets, he said, "Even abroad, the president's email and mobile phone information are considered top targets by attack groups. We always keep in mind that such individuals will be targeted."

National Intelligence Service

The NIS also forecast that cyber financial crimes such as cryptocurrency theft and ransomware targeting public institutions and companies will surge next year. They expressed concern that ransomware-as-a-service (RaaS) attacks and targeting of new financial services like decentralized finance (DeFi) virtual assets and open banking are highly likely.

It is estimated that North Korea has stolen virtual assets worth approximately 1.5 trillion KRW worldwide since 2017, with about 800 billion KRW stolen this year alone. Thanks to the "Act on Reporting and Using Specified Financial Transaction Information" (Special Financial Information Act), South Korea has strengthened security by transitioning virtual asset transactions to real-name systems, resulting in no damages this year. However, cumulative damages since 2017 exceed 100 billion KRW.

An NIS official stated, "The NIS evaluates that North Korea possesses the world's top virtual asset hacking capabilities. Since the strong sanctions by the UN Security Council in 2017, North Korea has focused on hacking for foreign currency earnings, and with the rapid growth of the domestic virtual asset market, it has become a core target of North Korea's attacks."

Deputy Director Baek added, "While top students usually enter medical schools here, in North Korea they pursue information and communication technology (IT) fields and receive intensive training under the military. North Korea's gifted students prefer IT majors because it offers opportunities to go abroad."

North Korean Cyberattack

The NIS also revealed that various actors besides North Korea are attempting cybercrimes against South Korea. On average, about 1.18 million state-backed or organized attack attempts were detected daily last month.

Recognizing that increasingly severe cyberattacks cannot be prevented by a single company or government agency alone, the NIS announced the opening of the Cybersecurity Cooperation Center (hereafter, the Center) on the 30th of last month. The Center houses personnel from government agencies such as the NIS, Ministry of Science and ICT, and Ministry of National Defense, as well as IT security companies including AhnLab, ESTsecurity, SK Shieldus, S2W, and Chainalysis.

First revealed to the media on this day, the Center is equipped with a joint response room, joint analysis room, safety inspection room, and technology sharing room, and monitors cyberattacks 24/7 throughout the year.

Deputy Director Baek stated, "It has long been unreasonable to expect that highly sophisticated and intelligent cyberattacks can be blocked by the efforts of a single company. The reason for establishing the Cybersecurity Cooperation Center is to break down walls between public and private sectors, consolidate cyber response capabilities in one place, and protect South Korea's cyber safety through strengthened international cooperation."

He added, "This is not merely a physical space. Organizations, people, and information gather here to analyze, judge, and respond to all matters. I confidently say that the Pangyo Cybersecurity Cooperation Center will become a platform for cooperation among the public, private, military, industrial, academic, and research sectors," the NIS assured.

He continued, "The Center will always keep its ears open to the vivid voices of numerous IT industries, academia, public institutions, and media gathered in Pangyo. With the three values of communication, cooperation, and coexistence as its goals, we will develop Pangyo beyond a domestic cybersecurity cooperation cluster into a cradle of international cybersecurity cooperation."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.