India and a handful of other countries are unwittingly aiding North Korea as it carries out cyberattacks against its enemies.
The New York Times last week reported how Kim Jong-un’s regime has ramped up its cyberwarfare capabilities, creating an army of 6,000 hackers to obtain military intelligence, launch denial-of-service attacks, and steal potentially billions of dollars from foreign countries. Earlier this month a South Korean law maker announced that its neighbor had last year hacked and stolen war plans prepared with the US.
Yet the country’s suspect cyber activities are unlikely to be coming only from inside North Korea itself. A report earlier this year from security threat intelligence company Recorded Future suggests that North Koreans could be orchestrating many of these attacks while located physically in other nation states.
“North Korea is not using territorial resources to conduct cyber operations and most North Korean state-sponsored activity is likely perpetrated from abroad, which presents an opportunity to apply asymmetric pressure on the Kim regime,” said the company in a post in July about the research.
Researchers came to this conclusion by observing the patterns between April and July 2017 of North Korea’s use of the global internet (as opposed to its domestic, state-run internet), which is accessible only to the country’s ultra-elite. They found that visits to foreign news and social media sites remained common, but discovered few signs of malicious cyberactivity.
However, analyzing the same data revealed that one-fifth of the activity emanating from three North Korean IP address ranges was going to and from India. High amounts of activity also occurred to and from New Zealand, Malaysia, Nepal, Kenya, Mozambique, the Philippines and Indonesia.
“Large, large, large amounts of data transfers between a number of Indian science and technology research centers and Philippine government research centers. It’s not clear what was happening there, but it certainly looked like the organizations themselves, and maybe their researcher technology is certainly of interest to some North Koreans” said Priscilla Moriuchi director of strategic threat development at Recorded Future, in a podcast.
The organizations in India that appeared to attract interest included the Indian Space Research Organisation’s National Remote Sensing Centre, and the Indian National Metallurgical Laboratory.
Recorded Future notes that the data doesn’t reveal any smoking gun pointing to North Korean cyberattacks emanating from India. However, the firm adds that the pattern of activity to and from India and the six other country’s mirrors that from China. There, in cities like Shenyang in the northeast, North Korea has sent teams to carry out covert hacking operations. It’s possible, Moriuchi told Quartz via email, that similar teams are deployed in India and elsewhere.
“There are no North Koreans living abroad, aside from those who have defected, who were not given explicit permission for a specific purpose to live outside of North Korea,” Moriuchi told Quartz via email. “Every North Korean living outside the country in one form or another is providing a service or fulfilling a role for the North Korean government.” This includes activities like counterfeiting and malicious cyberactivity, she added.
“We are not implying that the Indian government is complicit with, supportive, or even knowledgeable of the North Korean presence in their country, our data simply tells us that it is there,” says Moriuchi. An official at India’s Ministry of Electronics and Information Technology didn’t immediately respond to an email request for comment.
India has long held diplomatic relations with North Korea. Throughout 2016 it remained one of the isolated regime’s top trading partners, exporting $108 million to North Korea and importing $97.8 million from it. A handful of students have studied at Indian research institutes, despite UN sanctions that prevent member nations from providing training that could potentially aid its nuclear program. In April 2017, however, India said it would suspend all trade with North Korea, excluding medicine and food.