North Korea Threat Landscape Update

Jan 24, 2024

Guest

Greg Schloemer

Guest

Matthew Kennedy

Guest

Sherrod DeGrippo

Sherrod DeGrippo, Greg Schloemer, and Matthew Kennedy discuss North Korean cyber operations, emphasizing their persistence, adaptability, and revenue generation through cryptocurrency theft. They explore the actions of the Lazarus group and its impact on North Korean cyber operations. The speakers also highlight Diamondsleet's software supply chain attack and the success of the Jade Sleet group in cryptocurrency thefts. They discuss North Korea's mindset of evolution, diverse techniques employed in cyber operations, and challenges of laundering stolen money. The speakers share their interests in cybersecurity and hope for regular updates on North Korea.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

APT Meets Cybercrime For Revenue

North Korean operations blend APT persistence with cybercrime revenue goals, making them both espionage-focused and profit-driven.
Lazarus and related clusters increasingly prioritize cryptocurrency theft as a state-directed funding mechanism for the regime.

ANECDOTE

Sony Attack Marked A Strategic Shift

The 2014 Sony Pictures attack was a turning point that pushed North Korea into global attention by targeting a private company over a satirical film.
That provocative action signaled a new willingness to strike symbolic non-state targets, shaping later operations.

ADVICE

Treat Signed Software As Potentially Malicious

Monitor and respond quickly to software supply chain compromises because signed, legitimate apps can be weaponized to reach global users.
Expect stolen code signing certificates, anti-reverse tricks, and timing logic like malware that runs only at specific times.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Greg Schloemer and Matthew Kennedy. Sherrod, Greg, and Matthew discuss North Korean cyber operations, highlighting the unique aspects that set North Korea apart, emphasizing North Korea's persistence, adaptability, and the blending of APT and cybercrime elements, mainly focusing on revenue generation through activities like cryptocurrency theft. The discussion touches on the notorious Lazarus group, known for the Sony Pictures attack and WannaCry, and how their actions captured global attention. Sherrod, Greg, and Matthew also share personal insight into why they're drawn to this particular area of cybersecurity, offering listeners a unique perspective on the motivations and passions driving those at the forefront of defending our digital world.

In this episode you’ll learn:

The evolution of North Korean cyber operations
How cryptocurrency theft is used as a means to support the state
North Korea's unique approach to cyber operations and strategic evolution over time

Some questions we ask:

How much work have you put into becoming a blockchain and cryptocurrency expert?
What challenges arise in defending against these specific software supply chain attacks?
Why are you interested in working on North Korea-related cybersecurity?

Resources:

View Greg Schloemer on LinkedIn

View Matthew Kennedy on LinkedIn

View Sherrod DeGrippo on LinkedIn

Diamond Sleet supply chain compromise distributes a modified CyberLink installer

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.