While it remains unclear how advanced the hacking capabilities of North Korea are, a leading South Korean politician has revealed that email spearphishing now makes up the bulk of attacks committed by the reclusive rogue nation. Rep. Joo Kwang-Deok, a lawmaker with the ruling Saenuri Party, has claimed government research shows that over 80% of cyberattacks conducted by Pyongyang against the South Korean military last year involved the use of emails.
Additionally, as reported by the Yonhap news agency, Seoul uncovered 74 cases of email-based cyberattacks from North Korea in 2015, with a dozen involving the use of malware.
In July this year, the politician added, Pyongyang made 43 separate attacks, 27 of which involved phishing attempts.
The official said the statistics prove significant as they show that state-sponsored hackers are moving away from their traditional form of attack, which largely focused on directly attacking websites.
Joo was speaking in favour of bolstering the cybersecurity awareness of the government, adding that North Korea is currently expanding its hacking efforts aimed at confidential military data.
Earlier this year, North Korean hackers reportedly compromised emails and passwords of over 50 South Korean officials, diplomats and security personnel in an attack that had all the hallmarks of a spearphishing cyberattack. These traditionally rely on malicious links to fake websites specifically designed to capture personal information.
In a statement issued at the time, the Supreme Prosecutors' Office in South Korea said: "It is important [for government officials] to refrain from using private email accounts for official work and they should frequently change their email passwords."
Cybersecurity experts often debate the true scope of Pyongyang's hacking powers. Many have linked the 2014 cyberattacks on Sony Pictures to North Korea, however some remain unconvinced by such attribution. In one recent case, the state was linked to a massive cyber-heist at the Bangladesh central bank.
The country's cyberattacks are believed to be orchestrated by a secretive group known as Bureau 121 – which many claim is actually operated out of China. Last year, one defector claimed the agency employed 6,000 people and was increasingly well-funded.
"The reason North Korea has been harassing other countries is to demonstrate that North Korea has cyberwar capacity," he told the BBC in an interview. "Their cyberattacks could have similar impact as military attacks, killing people and destroying cities."
"North Korea's fingerprints, in the form of unique malware code, have been found on a number of hacked systems around the world," Leo Taddeo, a former FBI cyber chief and current security official at Cryptzone told IBTimes UK via email.
"This alone does not conclusively prove they are behind the attacks. However, when we add other elements, such as motive and opportunity, a strong case begins to develop [...] the DPRK is short on intelligence collection capabilities outside the Korean peninsula. Cyber espionage is a cost-effective way to monitor potential adversaries."