Solutionary: North Korea Cyberattack Activity Boomed in February

By | May 02, 2013

Posted in: Network Security Trends

February saw a significant jump in cyber attack activity emanating from North Korea, according to recent analysis.

IT security vendor Solutionary found that “touches”-- a known reconnaissance, an overt external attack or the attempted exfiltration of data -- from North Korean IP addresses spiked during the month of February. Historically, North Korea has generated roughly 34-to-200 touches per month against the firm's client base. In February of 2013, the firm recorded 12,473 touches – an 8445% increase over the average during the previous 12 months.

Jon Heimerl, director of strategic security for Solutionary wrote in a blog post that there was plenty for North Korea to crow about in February which maybe helps explain the notable increase.

"What is special about February of 2013? Only the latest escalation of events with North Korea," wrote Heimerl. "On February 12, North Korea announced that it had conducted an underground nuclear test. While there is some debate over whether or not the detonation was nuclear, an underground explosion consistent with a nuclear warhead has been confirmed by several other nations. The test generated widespread condemnation and once again raised potential sanctions against North Korea. North Korea has responded with additional aggressive words, and another threat to test one of their missiles that they say is capable of delivering a nuclear warhead."

Heimerl notes that from January 2012 through January 2013, roughly 49 percent of all North Korean sourced cyberactivity seen by the firm was directed at financial companies. In February 2013, that figure jumped to 99 percent. He mentions that during this same timespan and into March of 2013, North Korea waged denial of service attacks against South Korean banks and broadcasting companies.

Whether or not any of this heightened activity is government sponsored, Heimerl can only make an educated guess.

"[T]here is no evidence that any of this is supported or even encouraged by the North Korean government. But, there do appear to be several parallels between escalated verbal rhetoric and escalated cyberattacks," he wrote. "It is evident that, whether government influenced or not, that the dual-path of aggression is a new way of facing the world, at least from North Korea. Given the more hard-line government in North Korea, we expect escalations like this to continue, and to become even more evident in other conflicts around the globe."

You May Also Be Interested In: