The United States, like many other countries, is the victim of an ever-increasing number of cyberattacks. Aggressions mainly perpetrated by China and Russia, but North Korea is not left out, with a network of highly trained hackers. Explanations from our correspondents.
Published
Reading time: 6 min
:quality(50)/2024/02/28/dpaphotossix860920-65df43a5d2e94516221752.jpg)
While the French Computer Systems Security Agency has just announced that cyberattacks are increasing by 30% in France, the United States is by far the first country targeted by cyberattacks. These attacks are carried out first by China and Russia, but North Korea is not left out, with a network of highly trained hackers.
In the United States, the FBI and a special agency are on permanent alert
In 2022, the latest year for which complete figures are available, the United States was the target of more than 800,000 cyberattacks. These attacks resulted in financial losses of more than $10 billion over a year, according to data from IC3, the internet crime complaint center. It is the entity of the FBI that identifies and processes everything that has to do with cyberattacks. In 20218, the country created the Cybersecurity and Infrastructure Security Agency, which deals with large-scale attacks against the country’s sensitive infrastructure. Attacks ranging from phishing and malware to scams involving items purchased online and never delivered.
Two countries are the main actors in these cyberattacks against the United States, Russia and especially China. FBI boss Christopher Wray, interviewed in Congress, explained: “China’s multi-pronged attack on our national and economic security makes it the most significant threat of our generation.” It was particularly alarming: “Chinese hackers are targeting our critical infrastructure : our wastewater treatment plants, our electricity network, our oil and gas pipelines, our transport systems. The risk this poses to every American demands our attention now.”
Very diverse attacks
Recently, last June, several federal government agencies were hit by a global cyberattack carried out by a Russian gang. This time, major US universities and state governments were targeted. Schools, hospitals and universities are also regularly affected. Like Johns Hopkins University in Baltimore and its famous health system, or the entire university of the State of Georgia and the 40,000 students of its State University.
Another recent example is that North Korea attacked Sony. After a film that was unflattering for Pyongyang, the pirates responded by recovering terabytes of private data, they made confidential information public, as well as five films that Sony had not yet distributed.
North Korea ahead of Japan and Israel
We know North Korea for its regular missile launches, but the Kim Jong-un regime has another asset: its cybercrime program. The North Korean regime’s strategy consists primarily of spying on its adversaries, whether South Korea, the United States or other Western countries. Using computer viruses, North Korean hackers manage to recover data from both companies and governments.
But since 2017, as virtual currencies become increasingly popular, the regime has seen an opportunity to finance itself. Still using computer viruses, it is estimated that the North Koreans stole nearly $3 billion in cryptocurrencies in six years.
North Korea’s cybercrime program is not new. The first attack attributed to the regime dates from 2009. Although access to the internet is very rare in the country, the latter has intensively developed its cyber warfare capabilities. The number of hackers hired by the regime is estimated at around 7,000. The latter are very well trained according to computer security agencies, which sometimes struggle to decode viruses developed by the North Koreans. According to the Belfer National Cyber Power Index, which analyzes the IT capabilities of world powers, North Korea would be in 14th place out of the 30 countries studied, ahead of Japan and Israel.
A threat taken seriously in South Korea
Its southern neighbor is worried, because although we know little about the regime’s real capabilities, it should not be underestimated. The large network of highly trained computer hackers extends beyond its borders, installed undercover in neighboring countries. Just recently, a relative of the South Korean president was hacked by North Korean hackers who were able to gain access to the head of state’s agenda.
Large companies like Google and even central banks have already been victims of North Korean attacks. The threat is therefore taken seriously by the South Korean army. The financial system and communications could be shut down in the event of a coordinated attack. In 2013, North Korean hackers massively hacked South Korean media, banks and institutions, causing more than 750 million euros in damage. But the regime does not seem to favor so-called destruction attacks, preferring to spy on or steal virtual currencies.