North Korea has become 'increasingly aggressive' in cyber warfare

WASHINGTON — In the latest indication that North Korea's cyber operations are more sophisticated than commonly realized, computer security researchers have identified a group of government hackers and spies in the hermit kingdom who are capable of stealing documents from computers that aren't connected to the internet.

In a new paper published Tuesday morning, leading cyber security firm FireEye says its iSight intelligence arm has tracked a national-security related spying arm it calls APT37 that has "expanded its operations in both scope and sophistication."

That hacking group — which is not the one that attacked Sony Pictures entertainment in December 2014 — has been active since 2012 and focuses on defense targets in South Korea, FireEye says.

Click here to read the report

CrowdStrike, another top cyber security firm, told NBC News it identifies the group by the name "Labyrinth Chollima."

RELATED: Key moments in 2017 between the US and North Korea

34 PHOTOS
Key moments in 2017 between US and North Korea
See Gallery
Key moments in 2017 between US and North Korea

NEW YEARS DAY MISSILE LAUNCH

On January 1, 2017, North Korea's leader Kim Jong Un warned that an intercontinental ballistic missile (ICBM) was in the 'final stages' of development.

The nation said it could conduct a missile test-launch 'anytime and anywhere'.

On February 12, North Korea tested a ballistic missile, but it didn't appear to be an ICBM due to its flight range.

NUCLEAR CRISIS AT MAR-A-LAGO

President Trump was at his Florida resort Mar-a-Lago having dinner with Japanese Prime Minster Shinzo Abe when news broke that North Korea had launched a ballistic missile on February 12.

The president sparked controversy by reportedly discussing the event in front of Mar-a-Lago diners while continuing his meal with the Japanese leader and other guests. 

'MERCILESS' STRIKES

On March 5, North Korea sent an inflammatory message to the U.S. by firing four ballistic missiles into the sea near Japan.

The U.S. deployed an anti-missile system in South Korea the following day.

In response, North Korea warned of 'merciless' strikes against the U.S.

Secretary of State Rex Tillerson said military action against Pyongyang was 'on the table' and Trump tweeted that the nation is 'behaving very badly.'

COVERT PHOTO OF TILLERSON

During a visit to North Korea's border on March 17, Secretary of State Rex Tillerson was unwittingly photographed by a North Korean soldier, who can be seen peering into the room on the right side of the image.

The next day, Rex Tillerson said the threat of North Korea is 'imminent.'

BOLD MISSILE STRIKE

North Korea tested another ballistic missile shortly before President Trump's planned meeting with Chinese President Xi Jinping on April 5.

Rex Tillerson responded by saying the U.S. 'has spoken enough.' Trump later said the nation 'is looking for trouble.'

The U.S. military warned it was 'prepared to launch a preemptive strike' against North Korea if there were signs the country was planning to test a nuclear weapon.

POLL SHOWS US CONCERNS

A poll conducted by CBS News in April showed that more than half of Americans said they were 'uneasy' about President Trump's ability to deal with North Korea.

FAILED MISSILE TEST

North Korea celebrated the 105th anniversary of Kim Il Sung's birth, North Korea's founder, by unveiling powerful new missiles in April.

The next day, a North Korean missile 'blew up' just a few hours before Vice President Mike Pence arrived in South Korea for a diplomatic trip.

TENSE BACK-AND-FORTH

On April 27, North Korea released a video showing a simulation of a White House attack. 

President Trump responded by saying a 'major, major conflict' with North Korea was 'absolutely' possible.

The next day, Pyongyang unsuccessfully test-fired another ballistic missile in an act of bold defiance against international pressure to curb its nuclear program.

'PRETTY SMART COOKIE'

President Trump called North Korean dictator Kim Jong Un 'a pretty smart cookie' in an interview that went viral on April 30.

'At a very young age, he was able to assume power. A lot of people, I'm sure, tried to take that power away, whether it was his uncle or anybody else. And he was able to do it. So obviously, he's a pretty smart cookie,' Trump told CBS News.

The president also said he'd be 'honored' to meet with the North Korean leader.

KIM JONG UN'S LETTER TO CONGRESS

In early May, North Korea said it would continue its nuclear weapons tests and boost force 'to the maximum' in a stark warning to the U.S.

Pyongyang also condemned President Trump for directing the peninsula to the 'brink of nuclear war.'

Soon after, North Korea sent a rare letter to the U.S. House of Representatives to protest tougher sanctions on the nation.

TRUMP GETS HEAT AT HOME

In Washington, Trump was met with criticism from several lawmakers over his handling of North Korea.

Former Secretary of State Condoleezza Rice sounded off on the issue, saying Trump 'can't meet with Kim Jong Un' as he'd discussed.

MISSILE TEST CONFIRMS ADVANCEMENT

On May 13, North Korea carried out another ballistic missile test-launch, which landed in the sea near Russia.

Pyongyang said the launch was aimed at confirming the country could carry large nuclear warheads, signaling an advancement in their development.

'MADMAN' LEAK

In late May, a transcript of a phone call between President Trump and Philippine President Rodrigo Duterte was leaked to the public.

The transcript showed President Trump call North Korea's leader a 'madman with nuclear weapons' who could not be let on the loose.

'BIGGER GIFT PACKAGE' FOR US

As tensions continued to ramp up in May, North Korea launched another ballistic missile test and warned the U.S. of a 'bigger gift package' in the future.

The U.S. responded by issuing new sanctions on Pyongyang.

Meanwhile, experts cautioned that the U.S. 'may not be able to stop' the threat of North Korean nuclear missiles.

US PREPARES FOR NUCLEAR THREAT

Several states began to carry out nuclear attack drills to prepare for potential threats.

New York City set up a triage simulation at MetLife Stadium and Hawaii's government called for school evacuation drills.

DENNIS RODMAN VISITS PYONGYANG

Former NBA star Dennis Rodman arrived in North Korea in June.

'I'm just trying to open the door,' he told reporters. 'My purpose is to actually to see if I can keep bringing sports to North Korea, so that's the main thing.'

OTTO WARMBIER

Otto Warmbier, a 22-year-old University of Virginia student from suburban Cincinnati, was released from North Korean custody on June 13.

Warmbier had been imprisoned in North Korea since early 2016 after he was accused of trying to steal a propaganda sign from a hotel while visiting the country as a tourist.

After the announcement of his release, Warmbier was photographed comatose and being carried off a plane with a tube in his nose. It was discovered that he had been in a coma for the past year.

North Korean officials said he got botulism and was given a sleeping pill, but never woke up.

Warmbier's father said his son suffered a serious neurological injury was 'brutalized.'

Otto Warmbier died on June 19 from lack of oxygen and blood to the brain, according to a U.S. coroner.

TRADING INSULTS

President Trump tweeted in June that diplomacy 'has not worked out' with North Korea, suggesting a potential change in policy.

Pyongyang called Trump a 'psychopath' two days later.

SUCCESSFUL LAUNCH OF ICBM

On July 4, North Korea successfully test-launched an ICBM for the first time ever. The missile flew a trajectory that could hit Alaska.

President Trump responded via Twitter: 'North Korea has just launched another missile. Does this guy have anything better to do with his life?...'

The president later vowed to 'confront very strongly' the issue of North Korea's 'very, very bad behavior.'

U.N. Ambassador Nikki Haley said North Korea's actions were 'quickly closing off the possibility of a diplomatic solution' and that the United States was prepared to use force 'if we must.'

'PILE OF ASH'

In a bold statement, North Korea threatened to turn the U.S. into a 'pile of ash' on July 12.

US THREATENED WITH 'MERCILESS BLOW'

On July 27, a North Korean spokesperson said, 'Should the U.S. dare to show even the slightest sign of attempt to remove our supreme leadership, we will strike a merciless blow at the heart of the U.S. with our powerful nuclear hammer, honed and hardened over time.'

The following day, North Korea fired a missile in an unusual late-night test-launch.

MISSILE LAUNCH BROKE RECORD

The Pentagon reported that North Korea's latest ICBM launch on July 28 was the longest test in their history.

The U.S. responded by successfully test-launching an ICBM  from California.

The U.S. also issued a ban on American passport holders traveling to North Korea that took effect on September 1.

TRUMP WARNS OF 'FIRE AND FURY'

In early August, President Trump warned that North Korea would be met with 'fire and fury' if it continued to threaten the United States.

In response, North Korea said it was considering a missile strike on the U.S. Pacific territory of Guam.

POLL SHOWS US VIEW OF THREAT

A CNN poll in August showed that most Americans saw North Korea as a 'very serious threat' at that point.

US TOLD TO 'ACT PROPERLY'

President Trump said the U.S. military was 'locked and loaded' in a series of new threats against Pyongyang.

North Korea responded by saying, 'If the Trump administration does not want the American empire to meet its tragic doom..., they had better talk and act properly.'

MISSILE FLIES NEAR JAPAN

On August 29, North Korea fired a missile over Japan that landed in waters near the country, marking a major escalation of tensions on the Korean peninsula.

After the missile launch, President Trump said 'all options are on the table.'

'ASHES AND DARKNESS'

After Pyongyang conducted its biggest missile test to date on August 29, one of its top diplomats said it was ready to send 'more gift packages' to the United States.

North Korea later threatened to 'sink' Japan and reduce the United States to 'ashes and darkness.'

On September 15, North Korea carried out another missile test-launch.

'ROCKET MAN'

President Trump called North Korean leader Kim Jong Un 'rocket man' twice, first during an address before the U.N. General Assembly in September and again on Twitter:

'I spoke with President Moon of South Korea last night. Asked him how Rocket Man is doing. Long gas lines forming in North Korea. Too bad!'

Trump claimed the nickname was meant to be a compliment.

'DOTARD'

Kim Jong Un called President Trump 'mentally deranged' and said he would 'totally destroy' the U.S. after he was dubbed 'rocket man' in a U.N. speech.

The North Korean leader also slammed President Trump as 'a frightened dog,' a 'dotard' and  'gangster fond of playing with fire' in a statement released on September 22.

TRUMP VISITS ASIA

President Trump brought up North Korea during a trip to Japan in November, saying 'no dictator' should underestimate the U.S.

Trump's planned visit to the DMZ was canceled due to weather.

TRUMP CALLED 'OLD' BY KIM JONG UN

On November 11, President Trump posted a tweet:

'Why would Kim Jong-un insult me by calling me "old," when I would NEVER call him "short and fat?" Oh well, I try so hard to be his friend - and maybe someday that will happen!'

NOVEMBER MISSILE LAUNCH

North Korea fired what is believed to be an ICBM on November 28 that landed near Japan.

Trump responded by saying, 'It is a situation that we will handle.'

A North Korean official said the U.S. was 'begging for nuclear war' and participating in an 'extremely dangerous nuclear gamble.'

MORE ON NORTH KOREA

1. Kim Jong Un just had another baby

2. Meet North Korea's secret 'princess'

3. South Korea to create a 'decapitation unit' for Kim Jong Un

4. Kim Jong Un's half-brother murdered in attack at Malaysian airport

5. Study shows most Americans can't identify North Korea on a map

On December 20, it was reported that North Korea is testing whether its ICBM weapons are capable of carrying anthrax.
HIDE CAPTION
SHOW CAPTION
of
SEE ALL
BACK TO SLIDE

"Their malware is quite sophisticated and is capable of stealing documents from the air-gapped or disconnected networks," says a CrowdStrike intelligence paper. "Primary targets include government, military, defense, finance, energy and electric utility sectors."

Keeping sensitive information on computers disconnected from the internet is a primary method of defending it from hackers. The ability to jump that "air gap," was once limited to a small number of sophisticated countries, but it has become more common, experts say. For example, last year, researchers showed how a tiny drone can steal information by reading a computer's blinking LED lights.

John Hultquist, FireEye's manager of analysis, told NBC News: "There is no question that North Korea has become increasingly aggressive with their use of cyber capabilities. They are not just focused on espionage - we've seen them use it for attack, we've seen them use it for crime. A lot of that has been a fairly well-known group that's been tracked fairly well."

APT37 or Labyrinth Chollima, he added, "isn't as well known, has always been South Korea-focused, has stayed in the shadows."

However, he said, "They are showing up in places outside South Korea, continuing to expand capabilities. If we don't pay attention to this actor, we risk being surprised again."

The group has regularly exploited what are known as "zero day vulnerabilities," Hultquist said — previously unknown flaws in operating systems that allow hackers to breach defenses and can sell for hundreds of thousands of dollars on the black market.

The U.S. intelligence community is also tracking North Korea's cyber operations. In a worldwide threats assessment last week, intelligence agencies said: "We expect the heavily sanctioned North Korea to use cyber operations to raise funds and to gather intelligence or launch attacks on South Korea and the United States. Pyongyang probably has a number of techniques and tools it can use to achieve a range of offensive effects with little or no warning, including distributed denial of service attacks, data deletion, and deployment of ransomware."

According to FireEye, APT37 has targeted a Middle Eastern company that entered into a joint venture with the North Korean Government to provide telecommunications service to the country; the general director of a Vietnamese international trading and transport company; and possibly individuals working with Olympics organizations assisting in securing resources for athletes.

RELATED: Everything you didn't know about Kim Jong Un

11 PHOTOS
Everything you didn't know about Kim Jong Un
See Gallery
Everything you didn't know about Kim Jong Un

1. While Kim Jong Un's birthday on January 8 is a national holiday, it is unknown exactly how old the North Korean leader is. It's widely believed he is in his early-mid thirties. In 2016, the U.S. Treasury Department listed his birth year as 1984 when they placed sanctions on North Korea.

 (KCNA via REUTERS)

2. Kim Jong Un is the world's youngest leader, according to the date listed by the Treasury. 

(STR/AFP/Getty Images)

3. Kim Jong Un is very passionate about basketball. He is reportedly a big fan of Michael Jordan and has a friendly relationship with Jordan's former Chicago Bulls teammate Dennis Rodman. Rodman has visited the secluded nation multiple times and even sang him "Happy Birthday" before an exhibition game in Jan. 2014. 

(REUTERS/KCNA)

4. Kim Jong Un reportedly has a love for smoking, whiskey and cheese

(KCNA/via Reuters)

5. Kim Jong Un's older half-brother Kim Jong Nam was killed in Feb. 2017 by two women who smeared VX nerve agent on his face at an airport in Kuala Lumpur. The women were arrested following his death. Many believe the hit was directed by North Korea. 

(KCNA; REUTERS)

6. Kim Jong Un has two college degrees. One is in physics from Kim il Sung University and another as an Army officer obtained from the Kim Il Sung Military University.

(KCNA/REUTERS)

7. Kim Jong Un attended boarding school in Switzerland. It is widely disputed how much time he spent at the school. Most reports say he was abroad from 1998-2000. 

(KCNA/REUTERS)

8. Kim Jong Un is the only general in the world that does not have any military experience. 

(KCNA/REUTERS)

9. He married Ri Sol Ju in 2009. The couple has at least one daughter named Ju Ae. 

(KCNA/REUTERS)

10. Kim Jong Un had his uncle Jang Song Thaek arrested and executed for treachery in 2013. 

(REUTERS/Kyodo)

11. Kim Jong Un hand selected North Korea's first all-female music group -- Moranbong Band. They made their debut in 2012. 

(ED JONES/AFP/Getty Images)

HIDE CAPTION
SHOW CAPTION
of
SEE ALL
BACK TO SLIDE

The group also has hacked a research fellow, advisory member, and journalist associated with North Korean human rights issues and a Japanese organization associated with the United Nations missions on sanctions and human rights, FireEye said.

CrowdStrike says APT37 or Labrinth Chollima is one of three main cyber actors in the North Korean government that some researchers collectively call the Lazarus group. The others are Silent Chollima, which is involved in destructive attacks and is believed responsible for the hack that destroyed Sony computers in 2014.

A group CrowdStrike calls Stardust Chollima is mainly involved in stealing money, said Dmitri Alperovitch, CrowdStrike's co-founder, whp helped the Democratic National Committee identify and respond to the Russian hack of its systems during the 2016 presidential election.

This was the group that has targeted the SWIFT (Society for Worldwide Interbank Financial Telecommunication) system and global banking networks, and was able to steal $81 million from Bangladesh's central bank, officials have said.

U.S. intelligence officials have linked North Korea to the WannaCry ransomware attack, an outbreak of malware last year reported to have infected more than 230,000 computers in over 150 countries, making data irretrievable in many cases.

Kim Heung-Kwang, a former North Korean computer expert who defected to the south in 2004, told NBC News in an interview in Seoul last year that the North has trained thousands of military hackers capable of inflicting damage on South Korean and Western infrastructure.

"North Korea is able to use its cyber army to attack South Korea and the U.S.," he said.

Read Full Story