While North Korea threatens to launch a nuclear war against the US, the rogue regime is already fighting a covert global war — from India.
Researchers have found that North Korean cyber warriors might be launching global attacks from India. “North Korea is not using territorial resources to conduct cyber operations and most North Korean state-sponsored activity is likely perpetrated from abroad,” said a report by Recorded Future, a cyber security company.
The report says there are significant physical and virtual North Korean presences in several nations around the world where North Koreans are likely engaging in malicious cyber and criminal activities.
These nations include India, Malaysia, New Zealand, Nepal, Kenya, Mozambique, and Indonesia.
According to the report, the near-absence of malicious cyber activity from the North Korean mainland from April to July 2017 indicates that the most state-sponsored cyber attacks are perpetrated from abroad.
Nearly one-fifth of all activity observed during this time period, the report claimed, involved India.
The researchers say North Korean hackers could also have a virtual presence in India. However, the report insinuates that India’s “close” relations with North Korea could also be a factor.
“It is clear that North Korea has a broad physical and virtual presence in India. Characterized by the Indian Ministry of External Affairs as a relationship of “friendship, cooperation, and understanding,” the data we analyzed supports the reports of increasingly close diplomatic and trade relationship between India and North Korea,” the report says.
The report says that North Korea might have students in at least seven Indian universities and might also be working with several research institutes and government departments.
According to the report, some North Korean users were conducting research, or possibly even network reconnaissance, on a number of foreign laboratories and research centers in the April-July period. “In particular, activity targeting the Indian Space Research Organization’s National Remote Sensing Centre, the Indian National Metallurgical Laboratory, and the Philippines Department of Science and Technology Advanced Science and Technology Research Institutes raised flags of suspicion, but we could not confirm malicious behavior,” the report says.
In April this year, cyber security firm Kaspersky Lab revealed a direct connection between North Korea and Lazarus, a hacking group whose activities dating back to 2009 have been documented by the world’s biggest cyber security firms. Kaspersky had also linked the recent wave of WannaCry ransomware attacks on Indian companies to the Lazarus group.
Two years ago, a North Korean defector had revealed how Bureau 121, a group of North Korean hackers, operated secretly from a Chinese town for years. These hackers used to enter China as office workers, business executives and diplomatic staffers. They did their regular jobs in the day time and worked as hackers in free time taking directions from their bosses in North Korea.