Thursday08 December 2022

Recent North Korean Internet Outages Potentially Caused by One Person with a Grudge

Reading time is around minutes.

In early January 2021 North Korean hackers were in the midst of a campaign targeting western security researchers. They were looking to gather tools, vulnerability information and anything else of value they could get. The US, after learning about this attack did not have a significant response to the threat. Of course, the country was going through a bit of a political turmoil at the time, but there still should have been some sort of response to help prevent further attacks.

Now a person claiming to be one of the researchers targeted has come forward and spoken to Wired about the incident. According to the report at Wired the researcher, who goes be the handle P4x felt offended that they were personally targeted. They stated that they were able to stop the attack before anything of value was taken, but still felt the lack of response on the part of the US was a bad move.

P4x decided to do a little digging into the way North Korea operates and was able to find some new vulnerabilities that allowed a single-handed DDoS to be automated and run. These attacks took out almost the entire country of North Korea in two successive attacks. Internal web sites and other infrastructure was simply offline for several hours during each attack. The attacks also happened to coincide with tests (illegal tests) being run by North Korea of their new missile systems.

So far, the attacks have been effective at taking down North Korean state run sites and certain infrastructure, but it is not likely to have a significant impact on government operations including their hacking activities. They are sure to continue those either based inside their own country borders, or from remote locations that are less targetable by responses like this.

Still the attacks are sure to have an effect and as P4x has stated, they also allow enumeration of the targets in question so that more impacting vulnerabilities can be found in them. His next steps are to continue the harassment and expand his activities to data collection. To do this he wants to recruit other hacktivists to his cause. He has created a group called FUNK (FU North Korea) and hopes that others will join him in his efforts to send a signal to North Korea.

Others in the security world, including some researchers that were also targeted, say this might not be the right way to do things. Their concern is that thought this type of harassment and attack it may allow North Korea to find regular intelligence gathering operations that are in progress. This could set those “legitimate” operations back quite a bit while a personal vendetta is settled.

No matter the side you are on in that argument, most agree that the complete lack of response by CISA, the Cybersecurity and Infrastructure Security Agency (under redundant in the dictionary it says see redundant) is a failure. Regardless of the fact that these targets were individual researchers there should have at least been a statement and the affected people contacted. The lack of one does embolden attackers in the future.

Time will tell what if any true impact this new campaign will have or if FUNK will get off the ground, it will be interesting to watch though.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.