North Korea’s new Internet provider: Russian firm replaces China Unicom as primary router

by WorldTribune Staff, October 3, 2017

A new external Internet connection provided by Russia will give North Korea the capability to conduct more cyber attacks, an analyst said.

North Korea’s Internet access is estimated to be somewhere between a few hundred and just over 1,000 route connections.

While North Korean elites may have Internet access, the vast majority of the country’s population is blocked from the web. / KCNA via EPA

Pyongyang’s web connections are vital for coordinating the country’s cyber attacks, said Bryce Boland, chief technology officer for the Asia-Pacific region at FireEye, a cyber-security company. Having Internet routes via both China and Russia reduces North Korea’s dependence on any one country at a time, he said.

Dyn Research, which monitors international Internet traffic flows, said it had seen Russian telecommunications company TransTeleCom routing North Korean traffic since Oct. 1.

Previously, North Korean traffic was handled via China Unicom under a deal dating back to 2010. TransTeleCom now appears to be handling roughly 60 percent of North Korean Internet traffic, while Unicom transmits the remaining 40 percent or so, Dyn Research said.

Boland told Reuters that the Russian connection “will improve the resiliency of their network and increase their ability to conduct command and control over those activities.”

Many of the cyber attacks conducted on behalf of Pyongyang came from outside North Korea using hijacked computers, Boland said. Those ordering and controlling the attacks communicate to hackers and hijacked computers from within North Korea.

The Washington Post reported that U.S. Cyber Command has been carrying out denial of service attacks against North Korean hackers designed to limit their access to the Internet.

North Korea has been blamed by Western governments for several major cyber attacks in recent years, including against banks and Sony Pictures, as well as the WannaCry ransomware attack that froze computers unless their owners sent cash.

Subscribe to Geostrategy-Direct __________ Support Free Press Foundation