Conducted by US-based intelligence company Recorded Future, the report traced North Korea’s outbound internet traffic this year from April 1 to July 6, finding that past cyberattacks like the 2014 breach of Sony indeed originated from the North, but that there was no similar activity emanating from Pyongyang in the report’s time frame, India Times reports.
According to the report, "This likely indicates … [North Korea] are not using territorial resources to conduct cyber operations and that most state-sponsored activity is perpetrated from abroad."
The report also suggests that the North Korean government isn’t isolated from the rest of the world, despite the sanctions regime imposed on it by individual nations and the UN, and that Pyongyang is likely conducting illicit digital operations in several countries where the North maintains a presence.
These countries include Nepal, New Zealand, Kenya, Indonesia, India and Mozambique.
"North Korea has a broad physical and virtual presence in India," the report points out. At least seven Indian universities may have students from the Democratic People’s Republic of Korea (DPRK), and during the report’s time frame, 20 percent of the North’s questionable internet activity was focused squarely on India.
Research centers and foreign laboratories could be in North Korea’s cyber-espionage crosshairs. "[A]ctivity targeting the Indian Space Research Organization’s National Remote Sensing Centre, and the Indian National Metallurgical Laboratory raised flags of suspicion," the India Times noted.
Relations between North Korea and India are "[c]haracterized by the Indian Ministry of External Affairs as a relationship of ‘friendship, cooperation and understanding,’" the analysis points out. "[T]he data we analyzed supports the reports of increasingly close diplomatic and trade relationship between India and North Korea."
Though relations between Pyongyang and New Delhi have been good through the years, these revelations, if true, could have a negative impact on their diplomatic ties.
There are also reports that North Korea may be responsible for hacking foreign financial institutions to steal money, and that Pyongyang may be supporting the Lazarus hacker group that stole $81 million from the Central Bank of Bangladesh last year.
Some researchers believe the DPRK may also be connected to May’s WannaCry ransomware attack, which affected 300,000 computers in 150 countries.
Luke McNamara, a senior analyst from the FireEye cybersecurity firm, told Reuters on Friday, "We've seen an increasing trend of North Korea using its cyber espionage capabilities for financial gain. With the pressure from sanctions and the price growth in cryptocurrencies like Bitcoin and Ethereum — these exchanges likely present an attractive target."