North Korean Cyber Activity
03/25/2021
TLP: WHITE, ID# 202103251030
Agenda
• DPRK National Interests
• Timeline of Recent Activity
• Overview of DPRK APT Groups
• APT Threat Actor Profiles
o HIDDEN COBRA
o Andariel
o APT37
o APT38
o TEMP.Hermit
o TEMP.Firework
o Kimsuky
o Bureau 121
o Bureau 325
• Recommendations
• Outlook
Slides Key:
Non-Technical: Managerial, strategic and high-level (general audience)
Technical: Tactical / IOCs; requiring in-depth knowledge (sysadmins, IRT)
DPRK National Interests
• North Korea, officially the Democratic People’s Republic of Korea (DPRK)
• Supreme leader: Kim Jong-un (since 2011)
• Primary strategic goal: perpetual Kim family rule via development of economy and nuclear weapons
• Primary drivers of security strategy:
o Deterring foreign intervention by obtaining nuclear capabilities
o Eliminating perceived threats to Kim regime
o Belief that North Korea is entitled to respect as a world power
• “Cyberwarfare is an all-purpose sword that guarantees the North Korean People’s Armed Forces ruthless striking capability, along with nuclear weapons and missiles.” – Kim Jong-un (2013)
• Reportedly has 7,000 cyber warriors
• 300% increase in the volume of activity to and from North Korean …