The Korean peninsula (including South Korea) has risen to be “one of the top three geographies hosting DDoS botnet command and control services and being the originator of DDoS attacks worldwide,” according to Carl Herberger, Radware’s vice president of security solutions. North Korea’s cyber program goes back to the 1980s/1990s, and cyber actors are reportedly trained from a young age. Threat intelligence and research firm Flashpoint has analyzed publicly released North Korean educational textbooks. The textbooks revealed that programming is introduced in secondary school, with more advanced topics and information security principles being taught in tertiary programs. Javier Velazquez, threat intelligence analyst at EclecticIQ, explains that the education system is specifically designed to prepare top students for entry into specialized universities in the North Korean capital, Pyongyang.
For a long time, their priorities were very local, which allowed North Korean cyber actors to experiment and improve their skills without attracting too much attention from major cybersecurity companies. “It wasn’t until Sony that the majority of the industry really started tracking the threat. By then, they had overcome most of the amateur mistakes,” says Ross Rustici, senior director of intelligence services at security specialist Cybereason.
The state-sponsored hacking program is highly advanced and covers three main areas: intelligence operations, destructive campaigns, and currency generation.