North Korea has initiated a cyber attack on civilian researchers who are working to better understand the North’s nuclear and missile programs.
The targeted attacks are attempting to use a Zero Day exploit originally developed by the National Security Agency (NSA). So far, most reports of the attacks have come from South Korea, although those may not be the only targets. South Korea traditionally bears the brunt of the cyber attacks from the North. Most experts believe South Korea to be the biggest target because of its proximity to the North and their common language.
Flash 0day vulnerability that made by North Korea used from mid-November 2017. They attacked South Koreans who mainly do research on North Korea. (no patch yet) pic.twitter.com/bbjg1CKmHh
— Simon Choi (@issuemakerslab) February 1, 2018
The Zero Day exploit became well known to the public when North Korea initiated what’s become known as the WannaCry Attack, which loaded ransomware software onto roughly 230,000 computers in 150 countries, including many belonging to major public and private institutions. In the case of the latest cyberattacks utilizing the Zero Day exploit, it stands to reason that North Korea is engaging in a counterintelligence mission, rather than a financial one.
Unlike previous attacks by the North, this exploit does not aim to spread through entire intranetworks, but instead aims to affect the particular machines of civilian researchers and intelligence analysts.
It is unclear if the North attempted similar attacks against any of South Korea’s national intelligence assets. In October 2017 it was reported that North Korea hacked US-South Korea joint military plans, including those detailing a decapitation of the Kim Regime.
The current exploit attempted by North Korea works through Adobe Flash. National security think tanks and other institutions have advised their employees to completely disable Flash, out of an abundance of caution, until Adobe provides a patch. It remains unclear whether this exploit by the North has succeeded in compromising any civilian research and intelligence assets to this point.