TH THE E SH SHADOW SE SECTOR North Korea’s Commercial IT Networks Andrea Berger Shea Cotton Cameron Trainer
North Korean Cyber and IT Companies: An Overview
Nor orth th Kor orean Cyber St Strategy • Emphasis on asymmetric capabilities in general strategy. • Low-risk, and low-cost approach to: • Disruption • Power projection • Coercion • Intelligence collection • Revenue generation • Where does the commercial IT sector fit in?
Ris isk Ex Exposure 1) Government-to-government deals 2) DPRK front companies selling directly to customers 3) DPRK companies plugging indirectly into supply chains
Government-to-Government Contracts
Source: Equatorial Guinea Inter (Disclaimer: not verified)
DPRK Companies Selling Directly
DPRK Companies Selling Indirectly
Trends and Remaining Questions
Trends • Wide range of products/services, but emerging specialization in IT security, biometric identification. • Sale of algorithms? • More general NK companies getting involved in IT sector. • Seeming use of freelancer platforms.
Key Questions • Is North Korea using its presence in the commercial IT sector for strategic or tactical aims other than revenue generation? • How does that activity intersect with its seeming preference for targeting the private sector through hacking, malware etc? • Do the organizations active in this space connect to one part of the North Korean system, or more? How do they relate?
Thank You Andrea Be Berger: aber erger@miis.edu Shea ea Cot Cotton: scotton@miis.edu Cam Cameron Trainer: ct ctrainer@miis.edu
Recommend
More recommend
