US, South Korea join forces to prevent cyberattacks by North Korea

Last month's malware attacks prompt move to prevent future cyberwarfare

Recent massive cyberattacks that paralyzed computer networks at several South Korean banks and broadcasters, strongly suspected to have been launched by North Korean hackers, have prompted Washington and Seoul to come up with tough new countermeasures to stop Pyongyang from waging information warfare in the future.

"The U.S. and South Korean militaries will cooperate to develop diverse deterrence scenarios against hacking attacks and increase anti-cyberwarfare forces to over 1,000 to better deal with emerging threats from countries like North Korea," said Kwon Kihyeon, a spokesman at South Korea's Ministry of National Defense.

Details of this new counterstrategy cannot be revealed now for security reasons, Kwon said. But the plan is to finish drafting the tactics by July, and test and review them during the next joint U.S.-South Korea military drills, which begin in late August, before they're implemented in October.

"The ministry will also set up a new department that acts as a control tower by integrating policies which defend military networks against hacking," Kwon added. "Its Cyber Command, a special unit of about 400 personnel members, currently manages the policies with other defense and intelligence organizations, but there is no coordinating body."

South Korea's military uses two computer networks that are much harder to hit with DDoS (distributed denial of service) or malware attacks than local civil networks, according to Kwon. This is because both are intranets that are not connected to the Internet.

"The intranet used for military maneuvers can only be accessed by a small number of people," Kwon said. "Thus, it is very secure and couldn't fall victim to North Korean hacking. But more users can access the other intranet -- namely, all members of South Korea's military. So there's a tiny chance it could be infiltrated. Therefore, the U.S. and South Korean militaries will be drafting measures to better protect it," Kwon added.

North Korea runs a cyberwarfare unit of at least 3,000 expert hackers with the aim of breaking into foreign computer networks to get information and spread computer viruses, according to Sung-Yoon Lee, a professor of Korean studies at the Fletcher School at Tufts University.

Last month's malware-based hacking assault on South Korea -- the largest in two years -- coupled with the recent military threats from Pyongyang directed at Seoul, has raised unprecedented concern about potential cyberterrorism by the North against the South. It's no wonder North Korea is widely suspected of carrying out the attack, Lee explained.

"In terms of the scale of the attack, I think it was probably North Korea. But the North was likely not going 100 percent full capacity. I would assume they can do more damage and go for more sensitive targets in South Korea, like jamming computer signals in airports, train stations and nuclear reactors," according to Lee.

"I think they were trying to send a message, 'This is what we can do to you; this is a small sample. So watch out, pay up and beware,'" he concluded.

Broadcasters KBS, MBC and YTN and three banks -- Shinhan, Nonghyup and Jeju -- as well as two insurance firms reported to local police on March 20 that their computer networks were halted for unknown reasons, said a Science, ICT and Future Planning Ministry official who declined to be named.

An analysis by security firm Kaspersky indicated that the attackers used a "Wiper"-style malware program to wipe data on infected computers. In addition, security firm Sophos said that malware dubbed Mal/EncPk-ACE, or simply "DarkSeoul," was used in the attacks.

That official explained that his department had been newly created to take over the functions of the Korea Communications Commission as South Korea's civilian anti-hacking watchdog.

"As of March 29, banks and broadcasters hit by the hacking attack had fully normalized their networks. But the investigation into the attack has not yet been closed and we still don't know who masterminded it," the official said. "We're meeting related government agencies often to come up with stronger measures against cyberwarfare."

The defense ministry's Kwon said that in the future, the post of cyber security secretary will be created at the presidential office of Cheong Wa Dae to try to rapidly and efficiently cope with cyberattacks on key national organizations.

"The new anti-hacking watchdog and cyber security secretary, as well as the South Korean spy agency and cyber police, will work closely together to draw up a crisis management plan to cope with possible cyberterrorism against civilian networks," Kwon said. "The defense ministry, which is designing measures to protect its intranet against North Korean hacking, will help these agencies in their battle against cyberwarfare."


Stories by Jennifer Chang
