Washington and Seoul Remain Mum on Pyongyang’s Cyberattacks
A new report by California-based cybersecurity firm McAfee has found that North Korea conducted cyberattacks on United States’ financial institutions and commercial companies during the Trump-Kim summit in Hanoi last week. The report, released on Mar. 3, 2019, noted that a new streak of attacks by North Korean hackers began in 2017 and continued even after the warming of relations between Trump and the North Korean leader Kim Jong-un.
First discovered in December 2018, the North Korean cyberattack campaign, codenamed “Operation Sharpshooter,” was estimated to have begun in September 2017. Around the same time, Trump had toughened rhetoric against Kim —Trump called Kim “a rocket man… on a suicide mission for himself and his regime” in a speech to the United Nations General Assembly.
Working alongside an unnamed US law enforcement agency, engineers at McAfee were able to access a server used by hackers and watch attacks happen in real time. According to McAfee, the attacks that unfolded during the Hanoi summit were done using the systems developed for “Operation Sharpshooter.”
“Operation Sharpshooter” was designed to snatch information from the victim’s computers and sometimes erase them. Government institutions, telecommunications companies, and defense contractors were the main targets. By sending emails containing Microsoft Word documents, which, when opened, downloaded macros dubbed “Rising Sun,” hackers secured access to secure servers and victims’ computers.
Additionally, the hackers’ IP addresses could be traced back to known servers in North Korea; however, some were traced back to other countries, such as Namibia. Experts had said the addresses may not indicate the adversary since they could be falsified.
Trump and South Korean President Moon Jae-In have not called out North Korea for their cyber operations. Of their attacks, North Korea has focused mostly on South Korea financial institutions and think tanks with links to North Korea. According to reports, one series of the cyberattacks on South Korea began in the lead-up to the Panmunjom summit in April 2017 and continued throughout the summit. In the Panmunjom Declaration, in which both rival Korean governments pledged to “completely cease all hostile acts against each other in every domain,” no specific mention of cyberattacks was made.
It was also reported that cyberattacks were conducted during the Winter Olympics in 2018, although the identities of hackers in that case remain under investigation. While the South Korean leader has quietly conducted a campaign to update the internet servers used by institutions in South Korea, Moon has stopped short of publicly mentioning internet security issues with regards to North Korea.
Trump has also declined to denounce North Korea on the matters of cyberattacks. In September 2018, while the US Department of Justice published a 179-page report in the effort to “name and shame” North Korea’s hacking efforts, Trump praised North Korea’s leader Kim Jong-Un multiple times, including his mentioning of “beautiful letters” sent by Kim.
Supporters of Trump have pointed out that Trump’s priority is denuclearizing North Korea, with no pressing need to address the cyberattacks.
Others have suggested that blocking North Korea’s ability to attack institutions in the cyber space would strengthen the position of countries, such as the US. Mentioning North Korea’s financial purposes for these attacks, Richard Harknett, a cybersecurity researcher at the University of Cincinnati commented, “they’ll accept the U.S. position more if we’re able to take away cyber as an option for them.”