At the Google Cloud Security Day media briefing held at the Finance Center in Gangnam-gu, Seoul on the 19th, Luke McNamara, a deputy analyst with Google’s Threat Intelligence Group, warned that North Korean IT personnel are infiltrating various global industries.
He emphasized that although it has been revealed that North Korean IT personnel are active in sectors such as finance, healthcare, and defense in the U.S., domestic industries could also become targets. McNamara noted that these individuals sometimes have ties with North Korea’s APT (Advanced Persistent Threat) groups and might engage in espionage activities if employed by companies or institutions handling sensitive information.
He pointed out, however, that as of now, no attacks involving North Korean IT personnel have been discovered in Korea. He emphasized the need for companies to conduct thorough background checks to avoid inadvertently hiring North Korean IT personnel.
The briefing also highlighted the expanding trend of cyberattacks across diverse industries such as defense, semiconductors, and Bitcoin. McNamara predicted that as global defense spending increases, cyber attackers will try to understand military technology utilization methods and potential buyers.
Additionally, he warned of China’s progressively sophisticated zero-day (exploiting vulnerabilities without known patches) attacks targeting companies with information supply networks, like telecom operators. He noted that last year, the security industry found and tracked 76 zero-day attacks, with most of these state-sponsored attacks linked to China-related APTs.
He explained that attackers focus on companies with established supply networks, like IT and communications service providers, to cause extensive damage, making it challenging to precisely understand their targets.
McNamara predicted an increase in cyberattack attempts to steal confidential information amid geopolitical instability, suggesting that activities supported by national governments might rise over the next year. He stated that these attackers seek information superiority in a very cost-effective manner.
To combat the increasingly diverse and sophisticated cyber threats, McNamara suggested that the international community needs to share specific response strategies. He stated that cyberattacks might initially occur in specific countries or industries and that by sharing detailed attack techniques, Korean companies and institutions can be better prepared for the risks.