Monday, May 20, 2024

Recent Trends in North Korean Hacking Activities

North Korean hackers are trained at Kim Il Military University, also known as Mirim University. They are mainly active in Shenyang, Shanghai and Hainan in China, and it is believed that North Korean hackers operating overseas are also working in Iran. They are known to work with Chinese hackers near Mirim Airbase in Pyongyang.

If one looks at the number of hackers operating in North Korea based on their internet protocol (IP) addresses, approximately 150 key hackers are engaged in high-level hacking missions targeting the military and financial sectors of the United States, South Korea and Japan, and they have recently been assigned new tasks related to genes and genetic modification.

Given that North Korean hackers’ IP addresses along with Chinese IP addresses are often in the same location, it is important to keep in mind the possibility of joint activities by Chinese and North Korean hackers.

Whether hackers operating in North Korea or those operating abroad are considered the most skilled depends on the precise nature of the activities in question and the amounts earned from such hacking. Nevertheless, one of the reasons why hackers in North Korea are so proficient is that they work with Chinese hackers.

It is difficult to define in detail all the recent trends of North Korean hackers, but one can focus on the activities of well-known IP addresses in North Korea that have been used for hacking recently. I cannot disclose all of them, or any of them in full, but I will partially reveal three IP addresses below out of 100 in North Korea.

185.176.XXX.XX

185.152.XXX.XX

178.175.XXX.XX

If one keeps an eye on North Korean hackers’ trends, one will probably be aware of 20 to 30 IP addresses that are used quite frequently, but if one considers only those IP addresses that are currently active in North Korea, their activities are described below.

Recently, North Korean hackers have been working on stealing industrial information, technology, and data from computers of key individuals in those fields. In particular, they focus on hacking people in charge of nuclear weapons and missiles in relation to national defense, and there are traces of collaboration with Chinese hackers. In addition, they attempt indiscriminate hacking of Korea Advanced Institute of Science and Technology professors and students in South Korea, and the personal computers of many politicians in the ruling and opposition parties have also been exposed to hacking.

To mention a few technical matters, one of the North’s hacking methods is the “denial of service” approach of the past, and there have been many attempts to hack by taking advantage of the vulnerability of earlier computer technology. In other words, hackers were known to neutralize blockchain by utilizing the structural weakness of the computer. Since the latest computers are speed-critical, they include more than a few steps to compensate for the weakness of slow encryption in order to increase speed.

North Korea’s main hacking targets are the defense and financial sectors, and in particular, they use virtual currency as a channel for financing the North Korean regime. Since the end of last year, along with the Chinese, they have been interested in hacking into gene-related companies, as well as in the areas of genetic manipulation, hospitals, and patients’ prescriptions. North Korean hackers are constantly on the move while the world is distracted by the Coronavirus.
