Microsoft Threat Intelligence Podcast

Between Two Gregs: An Update on the North Korean Threat Landscape

Nov 20, 2024

In this discussion, Greg Lesnewich, a Senior Threat Researcher at Proofpoint, and Greg Schloemer, a Senior Threat Intelligence Analyst at Microsoft, dive deep into North Korea's unique state-sponsored cyber activities. They explore the alarming use of stolen cryptocurrency to fund missile tests and the intense pressure operating on DPRK cyber actors. From unconventional tactics like personal identity targeting to the risks of hiring remote North Korean IT workers, their insights provide a chilling look into the geopolitical implications of this persistent threat.

44:46

Creator website

Episode guests

Greg Schloemer

Greg Lesnewich

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

North Korea employs unconventional cyber tactics, focusing on individual targets for cryptocurrency theft, blending effectiveness with flexibility in its operations.

The intricate network of North Korean operatives infiltrating Western companies highlights the need for comprehensive vetting to mitigate espionage risks.

Deep dives

Understanding the Unique Nature of North Korean Cyber Threats

North Korea is distinct in the realm of cyber espionage due to its unconventional approach and scrappy tactics. Unlike other nation-state actors that often adhere to predictable strategies, North Korean groups frequently prioritize innovative and less sophisticated methods that still yield successful outcomes. For example, they target individuals rather than enterprises, emphasizing personal identities in crimes like cryptocurrency theft, which allows for greater flexibility and lower barriers to entry. This adaptability challenges researchers to broaden their understanding of cyber threats, recognizing that effectiveness often guides their operations over traditional state-sponsored norms.

Intro

2min

Insights into North Korean Expertise and Community

2min

Exploring the Unconventional Tactics of North Korean Cyber Threats

3min

Exploring North Korea's Cryptocurrency Theft and Cyber Operations

6min

Navigating Risks of North Korean Remote Workers

10min

Unmasking North Korean Cyber Threats

20min

In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Proofpoint’s Greg Lesnewich and Microsoft’s Greg Schloemer to share the unique threat posed by North Korea’s (DPRK) state-sponsored cyber activities. The Gregs discuss their years of experience tracking North Korean cyber actors and the distinct tactics that set DPRK apart from other nation-sponsored threats. The conversation also explores North Korea’s high stakes, as DPRK threat actors operate under intense pressure from government handlers, adding a layer of urgency and fear to their operations. They share insights into North Korea’s aggressive use of stolen cryptocurrency to fund the regime’s initiatives, like ballistic missile tests, and discuss the broader geopolitical impact.

In this episode you’ll learn: