Information Warfare: Kimsuky And The Secret Menace


October 21, 2013: Internet security researchers recently announced they had identified a new group of hackers operating out of North Korea. Called Kimsuky, the group has been active for about six months and has targeted universities, shipping companies, and groups encouraging Korean unification. What made Kimsuky stand out was the amateurish behavior of its personnel. The malware (built to secretly steal passwords and other ID data) was crudely done and the group was sloppy (or just new to all this) in how it carried out its attacks. This sloppiness made it possible to track the attacks back to North Korea. Kimsuky may be a team formed from newly graduated Cyber War specialists who are out to show they can produce. They can, but not very effectively and not with the stealth required to carry out the most effective attacks.

Earlier this year South Korean security researchers concluded that nearly all the Internet-based attacks since 2009 were the work of one group of 10-50 people called DarkSeoul. Given the extent of the attacks, the amount of work required to carry them out, and the lack of an economic component (no money was being stolen), it appeared to be the work of a national government. That coincides with earlier conclusions that North Korean, not Chinese, hackers were definitely responsible for several attacks on South Korean networks. The most compelling bit of evidence came from an incident where a North Korean hacker’s error briefly made it possible to trace back to where he was operating from. The location was in the North Korean capital at an IP address belonging to the North Korean government. Actually, very few North Korean IP addresses belong to private individuals and fewer still have access to anything outside North Korea.

Kimsuky and DarkSeoul appear unrelated, other than the fact that both are coming from North Korea. This indicates that the North Korean Cyber War effort has become so large that several organizations are now planning and carrying out attacks. North Korea appears to be grooming its Cyber Warriors to be major operatives in any future war. More likely the North Korean Cyber War efforts are leading up to some very damaging attacks that North Korea will deny responsibility for and that, if done right, cannot definitively be traced back to North Korea. The South Koreans may not put up with that, in which case the north can play the victim and gain some more enthusiasm for a war from its bedraggled people and substantial military aid from China.  

