Anonymous Hackers Target North Korea in Response to Satellite Launch
The New World Hackers targeted three websites hours after the launch on Sunday, with the group claiming up to 200 sites were affected as a result of the attacks.
“Our main motive for these attacks was to stop communications between the satellite and the websites, leaving the government wondering why they can’t launch a test, or possibly even a real missile strike at any point in time,” a member of the group tells Newsweek.
“If you attack a site linked to a satellite that constantly updates off of that site, you’re really disrupting something somewhere. We at least slowed down their progress.”
It is not clear if communications with the satellite were affected but proof of sites being knocked offline by a distributed denial of service (DDoS) attack was shared with Newsweek. This method of attack overloads the servers used to host websites with traffic from multiple sources.
New World Hackers has previously been credited with the largest DDoS attack ever carried out, using its “BangStresser” tool to disable all of the BBC’s websites for a period of several hours in December 2015.
The same tool has also been used to repeatedly disrupt Donald Trump’s campaign website, as well as dozens of sites associated with the Islamic State militant group (ISIS) as part of Anonymous’s OpISIS campaign. New World Hackers has said that while it takes part in certain Anonymous operations and supports the hacktivist collective, it operates independently of the group.
North Korea has defended the satellite launch as a way of tracking weather patterns. However, the U.S. and other countries have accused Pyongyang of using the launch as a front for a ballistic missile test.
“North Korea continues to develop their nuclear weapons and ballistic missile programs, and it is the responsibility of our alliance to maintain a strong defense against those threats,” General Curtis M. Scaparrotti, U.S. Forces Korea commander, said in a statement.
The United Nations Security Council also “strongly condemned” the launch and promised to take punitive steps against North Korea.
Russian Hackers Shut Down Ukraine’s Power Grid
This article first appeared on The Daily Signal.
As many as 80,000 residents in western Ukraine lost power for six hours on December 23. Cybersecurity firms SANS ICS and iSight Partners have attributed the blackout to Russian hacking group Sandworm and its malicious software, BlackEnergy 3.
Cyberattacks on power grids and other critical infrastructure are not new, but this most recent attack seems to be the first use of cyber as a weapon with kinetic effects during an ongoing conflict, highlighting the growing importance of cybersecurity.
While an analysis of the cyberattack is ongoing, BlackEnergy 3 has a history of targeting information control systems.
For the Prikarpattiaoblenergo electric company in Ukraine, the malware and its subcomponent KillDisk shut down computer operating systems, which in turn ended up shutting down the local electrical grid. Hackers also sought to make it impossible for customers to report electrical issues to the electric company by blocking out the company’s phone system.
There may be other businesses that have been affected by BlackEnergy 3, as certain malware can have cascading effects. Luckily, the reported effects of the cyberattack have so far been relatively short-term.
Cyberattacks against Ukrainian, EU and NATO officials in 2014 have been attributed to the same hacking team. Hackers in Russia have a tendency to set their sights on areas most relevant to Russian foreign policy—in Ukraine’s case, the illegal annexation of Crimea by Russia and ongoing Russian-backed rebellion in eastern Ukraine.
BlackEnergy 3 wouldn’t be the first successful cyberattack that’s had kinetic damage (outside an ongoing regional conflict)—and it may not be the last.
Recent news reports highlight the continued efforts of hackers, such as those from Iran, to gain information on critical infrastructure in order to cause damage—for example, the cybertheft of passwords and blueprints from a number of power plants or illicit access to dam control systems.
Critical infrastructure may be targeted by those such as hacktivists, nation states or state sympathizers, or domestic and international businesses.
Disrupting critical infrastructure control systems to the point of causing kinetic damage is no easy task. It takes knowledge of both the operating systems used and the spokes and cogs that run the machine. But as cyberattackers and malware grow and evolve at a very rapid pace, and malicious actors gain access to blueprints, operating manuals and resources from those interested in causing damage, the risk of a successful attack increases.
While the power outage in Ukraine was short-lived, there will be serious implications of similar successful attacks. The hackers, while said to be within Russia, also have international ties.
It’s important for the U.S. and the international cybercommunity to work together to prevent cyberattacks of this type.
Contributed by
Riley Walters is a research assistant in The Davis Institute for National Security and Foreign Policy at The Heritage Foundation.