Cyber Security Weekly Podcast


Episode 303 - North Korean Cyber Activities – perspectives from South Korea

December 21, 2021

Jane Lo, Singapore Correspondent, speaks with Kyoung-ju Kwak, head of TALON, CTI Group of S2W. Kyoung-ju currently works on threat intelligence.

He was previously an Adjunct Professor at Sungkyunkwan University and audited the National SCADA system and the Ministry of Land with the Board of Audit and Inspection of Korea as an Auditor General in 2016. He currently acts as a member of the National Police Agency Cybercrime Advisory Committee.

Kay is the main author of the threat intelligence report “Campaign Rifle: Andariel, the Maiden of Anguish”, published in 2017. In the report, he first attributed a new threat actor, Andariel. He has spoken at various international conferences such as BlackHat Europe, BlackHat Asia, Kaspersky SAS, HITCON, PACSEC, and more.

In this podcast, Kay provided insights on the cyber activities of North Korea, given his expertise in darkweb intelligence and experience in understanding the North Korea cyber threat landscape, and his firm’s (S2W) support for Interpol’s recent Operation Cyclone.

He shared his views on how North Korean cyber activities under threat actor groups such as Lazarus and Andariel (APT39) compare to those of other nation-state actors in terms of levels of sophistication (for example, reconnaissance and social engineering) and attacking styles.

Notwithstanding the challenges in attribution, he pointed to the extra care that cyber threat intelligence (CTI) researchers exercised in publishing their reverse engineering work, and to the risks of over-disclosure.

Given North Korea's high-profile cyber attacks and its evolution into an advanced threat actor, he also gave his thoughts on how the nation group gained their cyber skills and expertise over the years.

Despite the relative decline in the number of cyber incidents attributed to North Korea last year, and the successful efforts by Europol and Interpol, Kay cautioned cyber defenders against jumping too quickly to the conclusion of a slow-down in the cyber threat landscape of North Korea.

Recorded 10th December 2021, Korea Standard Time (9am)/Singapore (8am).