[UN Report on North Korea] Summary of North Korea's Cyberterrorism Methods (Annex 22)

 

Annex 22: Information on patterns and methods of DPRK cyber attacks 

 

1. After selecting a target, malicious DPRK cyber actors research employees and organizations looking for vectors of attack. Attacks frequently involve one or more of the following tactics employed against a single target: engaging in spear phishing attacks; engaging in watering hole attacks, whereby hackers compromise sites likely to be visited by a particular target group; and exploiting existing, well-known software vulnerabilities which the target is believed to have left unpatched. After establishing an initial foothold, DPRK hackers then work to move laterally and elevate their privileges within a system, establishing as much control as possible before attempting to execute a cyber-theft. These patterns of attack are not unique to DPRK hackers; what distinguishes them are the targets they select (such as financial institutions) and that, following completion of their goals (or upon discovery), DPRK hackers are often willing to destroy large amounts of data to cover their tracks or distract targets while the theft is in process.74

2. Examples of these tactics include spear phishing attacks in the form of job applications which were sent to employees of the Bangladesh Bank in the February 2016 attack and used to compromise computers controlled by the bank.75 In 2017, DPRK cyber actors infected the website of the Polish Financial Supervision Authority with malware programmed to only download onto computers which visited the site if they were from 104 pre-selected financial institutions and telecom companies.76 In March 2017, the security vulnerability known as CVE-2017-0144, which affected computers running some versions of the Windows operating system, became known. Patches were not initially available for Windows XP, though, and in May 2017 DPRK hackers deployed the WannaCry ransomware worm targeting older computers running Windows XP which had not patched the vulnerability.77 Finally, in 2018, as part of a cyber-heist targeting a Chilean bank, DPRK hackers destroyed data on approximately 9,000 bank-owned computers in order to distract bank employees from the theft of $10 million.78