North Korean hackers persisted in their attacks against the United States and other countries last week, even as leader Kim Jong Un met with President Donald Trump in Vietnam, hitting more than 100 targets, according to The New York Times.
The hackers began their assault 18 months ago and have continued efforts to hack into banks, utilities and oil and gas companies in the U.S. and Europe, researchers at cybersecurity firm McAfee have found.
North Korean cyber activity reportedly picked up not long after Trump referred to Kim as “rocket man” during a United Nations speech in 2017 and have kept pace since.
Victor Cha, the Korea chairman at the Center for Strategic and International Studies in Washington said North Korea has halted weapons testing following the first Trump-Kim summit, “but over those same 15 months they have not stopped their cyber activity.”
The Times said McAfee researchers were able to watch the attacks in real time, thanks to the assistance of an unnamed law enforcement agency that facilitated access to one of North Korea’s primary computer servers used for the attacks.
The company would not name the targeted entities, but a map McAfee provided showed that most victims were in the U.S. with the most frequent marks in Houston, an oil and gas hub, and New York, a finance hub.”
Senior principal engineer and lead scientist at McAfee, Christiaan Beek, said the latest hacking campaign was “clearly really well prepared.”
“It was very well researched and very targeted. They knew the individuals they were going for, and they drafted emails in such a way that their targets clicked on them.”
Researches also noted that the tools used to implant malware were markedly improved, and “they also went to great lengths to delete their digital movements and encrypt their traffic.”
Security experts said the cyber attacks will have to be discussed at some point in the future if negotiations between the U.S. and North Korea are to continue.
“Their very aggressive cyberactivity will have to be addressed in future discussions,” Cha said, adding that the hackers “are extremely active and, it’s clear to me at least, they’ve stopped missile testing because of the ongoing negotiations, but they’re not stopping in cyber.”