The new report by FireEye is interesting reading because it is about North Korean hackers. Very little that is known about them makes it into the public domain. There is a business summary of the report and the surrounding comments about it in the Journal today. [Note: The online version of the FireEye report is hard to read on mobile. It has light, small-font text that needs a bigger screen.]
There are a couple of things worth noting here. First, the North Koreans no longer care if they can be identified as hackers from the North. They may get a certain amount of propaganda value from people knowing that the attacks and collection activity come from the North. That seems to be par for the course from these guys. The North carries out physical and cyber attacks without trying to hide the source, thus giving up any deniability for the government. Apparently, they don’t care.
Second, they are using known exploits of common vulnerabilities. The attacks are not very sophisticated, but the FireEye report says they are getting better over time, improving command and control to avoid normal detection. Anyone would do that, just to save themselves the effort of switching attack vectors after being detected.