While often viewed as an expected luxury when traveling, free and/or unprotected Wi-Fi can open the digital door to a world of malicious cyber actors ranging from meddlesome hackers to North Korean cybercriminals. The dangerous combination of weak or nonexistent cybersecurity protocols, relaxed travelers and employees, and increased e-commerce and digital financial activity provides an ideal environment for cybercriminals moonlighting as ordinary guests to hack the world.
North Korea has a track record of conducting sophisticated cyberattacks from unexpected locations through highly creative means. For example, the infamous 2014 cyberattack against Sony Pictures Entertainment was later traced to The St. Regis Bangkok hotel and attributed to a North Korean cyberagent working for the notorious Lazarus Group. In other words, North Korean cybercriminals launched a destructive cyberattack against a world-renowned entertainment company using the Wi-Fi of a hotel in Thailand. Over the years, North Korean cyberattacks have been immensely successful in compromising and stealing millions of dollars from individuals, financial institutions, and cryptocurrency exchanges.
While some argue that North Korean cybercriminals still lag behind their Russian or Chinese counterparts, the fact that Pyongyang has been this successful against tech giants like the United States exposes the misconceptions surrounding its cyber capabilities. A main distinction is that while Chinese and Russian cybercriminals have greater access to advanced technologies and the global web, North Korean cybercriminals must venture outside of their country to jurisdictions with lax sanctions enforcement and cybersecurity protocols to conduct cyberattacks. And this includes hotels and commercial establishments.
Chinese-owned companies have repeatedly provided avenues for North Korean agents to operate freely under the guise of legitimate employment or joint ventures. For example, the U.S. Treasury Department designated the Dandong Hongxiang Industrial Development Company in 2016 as a major facilitator of sanctions evasion on behalf of North Korea through industrial trading, consultant services, and joint hotel management. One of the most famous ventures was the Chilbosan Hotel in Shenyang, China, which allegedly housed North Korean cyberagents for years, providing a safe haven for these cybercriminals to teach, practice, and conduct malicious cyberattacks. According to media reports, the Chilbosan Hotel was later closed within the 2017-2018 timeframe due to international pressure and regulations from the United Nations Security Council. However, this hotel in Shenyang is most likely just a drop in the ocean of numerous foreign outposts hosting North Korean cyberagents searching for ways to hone their skills and conduct additional cyberattacks.
Read the full article from The Diplomat.