WASHINGTON — In the latest indication that North Korea's cyber operations are more sophisticated than commonly realized, computer security researchers have identified a group of government hackers and spies in the hermit kingdom who are capable of stealing documents from computers that aren't connected to the internet.
In a new paper published Tuesday morning, leading cyber security firm FireEye says its iSight intelligence arm has tracked a national-security related spying arm it calls APT37 that has "expanded its operations in both scope and sophistication."
That hacking group — which is not the one that attacked Sony Pictures Entertainment in December 2014 — has been active since 2012 and focuses on defense targets in South Korea, FireEye says.
"Their malware is quite sophisticated and is capable of stealing documents from the air-gapped or disconnected networks," says a CrowdStrike intelligence paper. "Primary targets include government, military, defense, finance, energy and electric utility sectors."
Keeping sensitive information on computers disconnected from the internet is a primary method of defending it from hackers. The ability to jump that "air gap" was once limited to a small number of sophisticated countries, but it has become more common, experts say. For example, last year, researchers showed how a tiny drone can steal information by reading a computer's blinking LED lights.
John Hultquist, FireEye's manager of analysis, told NBC News: "There is no question that North Korea has become increasingly aggressive with their use of cyber capabilities. They are not just focused on espionage - we've seen them use it for attack, we've seen them use it for crime. A lot of that has been a fairly well-known group that's been tracked fairly well."
APT37 or Labyrinth Chollima, he added, "isn't as well known, has always been South Korea-focused, has stayed in the shadows."
However, he said, "They are showing up in places outside South Korea, continuing to expand capabilities. If we don't pay attention to this actor, we risk being surprised again."
The group has regularly exploited what are known as "zero day vulnerabilities," Hultquist said — previously unknown flaws in operating systems that allow hackers to breach defenses and can sell for hundreds of thousands of dollars on the black market.
The U.S. intelligence community is also tracking North Korea's cyber operations. In a worldwide threats assessment last week, intelligence agencies said: "We expect the heavily sanctioned North Korea to use cyber operations to raise funds and to gather intelligence or launch attacks on South Korea and the United States. Pyongyang probably has a number of techniques and tools it can use to achieve a range of offensive effects with little or no warning, including distributed denial of service attacks, data deletion, and deployment of ransomware."
According to FireEye, APT37 has targeted a Middle Eastern company that entered into a joint venture with the North Korean Government to provide telecommunications service to the country; the general director of a Vietnamese international trading and transport company; and possibly individuals working with Olympics organizations assisting in securing resources for athletes.
The group also has hacked a research fellow, advisory member, and journalist associated with North Korean human rights issues and a Japanese organization associated with the United Nations missions on sanctions and human rights, FireEye said.
CrowdStrike says APT37 or Labyrinth Chollima is one of three main cyber actors in the North Korean government that some researchers collectively call the Lazarus group. The others are Silent Chollima, which is involved in destructive attacks and is believed responsible for the hack that destroyed Sony computers in 2014.
A group CrowdStrike calls Stardust Chollima is mainly involved in stealing money, said Dmitri Alperovitch, CrowdStrike's co-founder, who helped the Democratic National Committee identify and respond to the Russian hack of its systems during the 2016 presidential election.
This is the group that targeted the SWIFT (Society for Worldwide Interbank Financial Telecommunication) system and global banking networks, and was able to steal $81 million from Bangladesh's central bank, officials have said.
U.S. intelligence officials have linked North Korea to the WannaCry ransomware attack, an outbreak of malware last year reported to have infected more than 230,000 computers in over 150 countries, making data irretrievable in many cases.
Kim Heung-Kwang, a former North Korean computer expert who defected to the south in 2004, told NBC News in an interview in Seoul last year that the North has trained thousands of military hackers capable of inflicting damage on South Korean and Western infrastructure.
"North Korea is able to use its cyber army to attack South Korea and the U.S.," he said.