Ch-Ch-Changes: The Arc of the CHOLLIMA’s and DPRK’s State-Driven Cyber Ecosystem
Contents
Ch-Ch-Changes: The Arc of the CHOLLIMA’s and DPRK’s State-Driven Cyber Ecosystem
CYBERWARCON 2019, November 21, 2019, Arlington, VA
Presentation by Katie Blankenship, Crowdstrike
Since 2015, DPRK computer network operations (CNO) have evolved into a self-sustaining, government-operated cyber ecosystem that supports espionage, destructive, and criminal elements – all while concurrently adapting to fluid strategic demands from national leadership. While the DPRK case itself may be unique, as a CNO framework it could serve as model and even driver for future state CNO programs in similar regime-driven countries seeking similar high-payoff objectives with limited resources.
This talk will first look at how CHOLLIMA adversaries as an operational enterprise shifted and evolved following milestones such as the SONY and KHNP public retribution and resulting economic sanctions in early 2015, as well as the major reorganization of the DPRK State Affairs Commission in 2016. This will include tracking the trajectories of five separate CHOLLIMA adversaries since 2015, …
CYBERWARCON 2019, November 21, 2019, Arlington, VA
Presentation by Katie Blankenship, Crowdstrike
Since 2015, DPRK computer network operations (CNO) have evolved into a self-sustaining, government-operated cyber ecosystem that supports espionage, destructive, and criminal elements – all while concurrently adapting to fluid strategic demands from national leadership. While the DPRK case itself may be unique, as a CNO framework it could serve as model and even driver for future state CNO programs in similar regime-driven countries seeking similar high-payoff objectives with limited resources.
This talk will first look at how CHOLLIMA adversaries as an operational enterprise shifted and evolved following milestones such as the SONY and KHNP public retribution and resulting economic sanctions in early 2015, as well as the major reorganization of the DPRK State Affairs Commission in 2016. This will include tracking the trajectories of five separate CHOLLIMA adversaries since 2015, …