The Daily Beast has an interesting article discussing how North Korea may be developing malware capable of shutting down portions of the US power grid:
But in September, Dragos picked up a new adversary, code-named “Covellite,” that appears to be trying to join that club. Covellite has been targeting electric utilities in the U.S., Europe, and parts of East Asia with spear-phishing attacks that employ code and infrastructure eerily similar to that used by the so-called Lazarus Group, the most destructive and outright criminal of the state-sponsored hacking gangs. Dragos doesn’t link attacks to specific nation-states, but the U.S. government has publicly identified the Lazarus Group as North Korea.
If Kim Jong Un is trying to duplicate Russia’s electricity-killing capability, he’s in an early reconnaissance stage—Covellite hasn’t shown any particular expertise in the arcana of industrial-control systems. But Dragos’ Joe Slowik says it’s a worrying development. “From a risk standpoint, that actor could be really interesting,” says Slowik. “Particularly if things on the Korean Peninsula get worse.”
It should come as no surprise to see North Korea attempting to develop the same type of cyber weaponry other major nation-state players are leveraging. The recent semi-cozy relationship between Russia and North Korea could be a factor in the country's change of focus.
Generally, North Korea conducts cyber attacks primarily for financial gain, because of the global sanctions imposed against the nation and because the country has been cut off from the world banking system. Additionally, the tensions between Trump and Kim Jong Un are likely pieces of a strategic puzzle being developed in Pyongyang, leading North Korea to pursue more destructive cyber weapons than mere ransomware and other forms of revenue generation.