author photo
By Bruce Sussman
Fri | Mar 2, 2018 | 4:54 AM PST

Coverage of North Korean hacking group APT37 spilled over into mainstream media this week, as security researchers revealed the hacking group is expanding to a larger set of international targets, including business.

NBC News cited a CrowdStrike report that the group can steal information from air-gapped networks.

"Their malware is quite sophisticated and is capable of stealing documents from the air-gapped or disconnected networks. Primary targets include government, military, defense, finance, energy and electric utility sectors," CrowdStrike told NBC.

North Korea and how many other hackers?

Truthfully, North Korea is probably not the only nation-state that may be capable of doing this.

WIRED recently featured Israeli researcher Mordechai Guri, who has figured out—and tested out—jumping the air gap in an unexpected way. He's not trying to break in through the air gap. Instead, he's able to pull information out through it. 

"Guri and his fellow Ben-Gurion researchers have shown, for instance, that it's possible to trick a fully offline computer into leaking data to another nearby device via the noise its internal fan generates, by changing air temperatures in patterns that the receiving computer can detect with thermal sensors, or even by blinking out a stream of information from a computer hard drive LED to the camera on a quadcopter drone hovering outside a nearby window. In new research published today, the Ben-Gurion team has even shown that they can pull data off a computer protected by not only an air gap, but also a Faraday cage designed to block all radio signals."

You can read that Faraday Cage report here.

North Korea's cyber threat greater than ever

This topic of North Korea's capabilities may have been put on everyone's dashboard after an intelligence report last week:

In a worldwide threats assessment last week, intelligence agencies said: "We expect the heavily sanctioned North Korea to use cyber operations to raise funds and to gather intelligence or launch attacks on South Korea and the United States. Pyongyang probably has a number of techniques and tools it can use to achieve a range of offensive effects with little or no warning, including distributed denial of service attacks, data deletion, and deployment of ransomware."

And North Korea has long been considered the "wildcard" when it comes to cyber warfare. Here is what Major General (Ret.) Brett Williams told SecureWorld about the top three nation-state cyber threats to the United States. Williams is the former Director of Operations at U.S. Cyber Command. 

Comments