From Zero to Sixty: The Story of North Korea's Rapid Ascent to Becoming a Global Cyber Superpower

Presented at Black Hat Europe 2020 Virtual, Dec. 9, 2020, 12:30 p.m. (40 minutes).

In a relatively short period of time, North Korea has evolved its offensive cyber capability from that of a fledgling nation to a global cyber superpower. Having shifted their focus from purely destructive campaigns, which culminated in 2014 with the attack against Sony Pictures, North Korea appears to have shifted to a dual-pronged approach where they prioritize both maintaining control for the current Kim regime, as well as attacks designed to diversify and otherwise energize their economy.

What's notable about North Korea is the rate at which they have modernized the speed of their offensive capabilities as well as the competency they have demonstrated relative to other nation-state actors. According to intelligence reporting, North Korea is the second fastest threat actor in terms of breakout time (how long it takes the actor once inside the network to move laterally). On average, it took North Korea 2 hours & 20 minutes to achieve breakout, whereas it took China an average of about 4 hours and Iran an average of about 5. In terms of their efficacy and the ability to engage in impactful attacks, the US National Security Council contends that North Korea has stolen at least $2 billion USD in the course of its malicious currency generation offensive cyber activity – more than any other known threat actor (both nation-state and criminal).

Given the above, the purpose of this presentation is to illustrate from both a technical perspective as well as a strategy perspective how North Korea became the cyber superpower that they are today. By demonstrating and detonating malware variants that most of the world has never seen, this presentation will review major historical attacks, will assess the malware involved in these attacks, and will review how those attacks played into the larger strategic objectives of the North Korean regime.

Presenters:

  • Jason Rivera - Director: Strategic Threat Advisory Group, Global, CrowdStrike
    Jason Rivera is an internationally experienced intelligence, cybersecurity, and national defense professional who possesses 14+ years of experience innovating at the intersection of security operations and technology. While in the private sector, Jason has advised and led the development of cyber intelligence programs for large Fortune 500 companies and US Government agencies. Prior to his entry into the private sector, Jason served as an Intelligence Officer in the U.S. Army where he attained the rank of Captain and participated in a variety of roles, including assignments at the National Security Agency (NSA), U.S. Cyber Command (USCYBERCOM), as well as having served in combat tours overseas. Jason possesses Master’s Degrees in Security Studies from Georgetown University, and Economics from the University of Oklahoma.
  • Josh Burgess - Technical Lead Threat Intelligence Advisor, CrowdStrike
    Josh Burgess has more than a decade of cyber threat analysis and mitigation experience serving in multiple positions including in the intelligence community, the Department of Defense, as well as the financial sector. In a majority of his roles he has served as the technical lead Threat Intelligence Officer for a large SOC to advise them of the latest threats and ensure a sound security posture. His main role in his current position at CrowdStrike is to support customers by applying his experience in actioning both short-term tactical as well as long-term strategic intelligence data and reporting.
