Head of security firm says highly skilled DPRK hackers may attack US financial sector to deter military action against the regime

North Korea poses a bigger threat of large-scale cyber-attacks than Russia, according to the co-founder of the information security firm that investigated the 2016 Democratic National Committee hacks.

Speaking to the Guardian, Crowdstrike’s Dmitri Alperovitch said: “In 2018, my biggest worry is actually about North Korea. I worry a great deal that they may do a destructive attack, perhaps against our financial sector, in an attempt to deter a potential US strike against either their nuclear facilities or even the regime itself.

“Regardless of whether a military strike is actually on the cards or not, what matters is whether they think one might happen. And given all the rhetoric over the last year or so, it wouldn’t be irrational for them to assume that.”

North Korea has been implicated in a number of major cyber-attacks over the past few years, primarily against South Korea.

They came to a head in 2017, when the “Lazarus group”, an elite North Korean hacking unit, is believed to have created and deployed the WannaCry ransomworm. The malware spread rapidly, taking down IT systems worldwide and forcing a number of NHS trusts in the UK to close temporarily, before it was defused by a young British security researcher.

Alperovitch was speaking before the launch of Crowdstrike’s annual “threat report”, which assesses the state of the hacking industry. Over the past year, the report says, “not only did the volume and intensity of cyberattacks hit new highs, [but] the overall level of sophistication across the global threat landscape experienced a meteoric rise”.

The report suggests that in the future, it won’t just be nation states who wield the most damaging hacking tools: technology developed by the world’s militaries will inevitably make it into the hands of criminal groups and other attackers.

In 2018, the report says, “DPRK-based adversaries are likely to continue malicious cyber activity against entities in South Korea, Japan and the US. Network access obtained via remote access tools … may be used to deploy wiper malware.

“This specific targeting may represent DPRK posturing … that could deliver destructive effects against the US critical infrastructure, should a military conflict occur.”