Russia Boosts North Korea's Cyberwarfare Capabilities With New Internet Connection

Pyongyang has been blamed for several major cyberattacks in recent years, including against banks and Sony Pictures, as well as the WannaCry ransomware attack

Employees watch electronic boards monitoring possible ransomware cyberattacks at the Korea Internet and Security Agency in Seoul, South Korea, May 15, 2017.
Yun Dong-jin/AP

North Korea has opened a new internet connection with the outside world, this time via Russia, a move which cybersecurity experts say would strengthen the country's internet and its ability to conduct cyberattacks. 

North Korea has been blamed for several major cyberattacks in recent years, including against banks and Sony Pictures, as well as the WannaCry ransomware attack. Pyongyang has routinely denied any involvement.

Dyn Research, a company which monitors internet connectivity, said it had seen Russian telecommunications company TransTeleCom routing North Korean traffic since about 9 A.M. GMT on Sunday. 

Previous traffic was handled via China Unicom. 

TransTeleCom could not be immediately reached to comment on the report. 

North Korea's internet is limited to a few hundred connections. But these connections are vital for coordinating the country's cyber attacks, said Bryce Boland, FireEye's chief technology office for the Asia-Pacific region. 

Boland also confirmed the new connection, which was first reported by 38 North, a project of the U.S.-Korea Institute at Johns Hopkins School of Advanced International Studies. 

Boland said the Russian connection would enhance North Korea's ability to command future cyberattacks. 

Many of the cyber attacks conducted on behalf of Pyongyang came from outside North Korea, using hijacked computers, he said, while those ordering and controlling the attacks remained inside, communicating to hackers and hijacked computers from computers within North Korea. 

"This will improve the resiliency of their network and increase their ability to conduct command and control over those activities," Boland said. 

The Washington Post reported earlier that the U.S. Cyber Command has been carrying out denial of service attacks against hackers from North Korea. The operation was due to end at the weekend.