Russian and Chinese State-Owned Enterprises Enable North Korean Cyberspace Capabilities

On October 2, 2017, a North Korea monitoring project, 38 North, reported that Russia’s state-owned company, TransTelekom (TTK), provided additional internet connectivity to the North Korean regime.   The link supplemented existing internet access, which has been provided by China Unicom since 2010.  The move clearly demonstrates Russia’s (and China’s) continued efforts to undermine international attempts to weaken Kim Jong Un’s malevolent resolve and capabilities.

According to experts, Russia’s actions have strengthened North Korea’s cybersecurity capabilities as tensions with the West escalate.  Executives at the cybersecurity firm FireEye explain that increasing the number of internet connections available within a country also bolsters its resilience to attacks, potentially undermining U.S. efforts to counter the North Korean threat via cyberspace.

The additional access was provided on the evening of October 1 (Pyongyang time), just one day following reports of a denial-of-service operation (DoS) carried out by U.S. Cyber Command to target and isolate North Korean hackers associated with the country’s military spy agency, the Reconnaissance General Bureau.  Typically the limited internet users in North Korea are members of the country’s military and intelligence agencies.  Internet access is used by these entities to attack other countries (e.g., 2014 attack on Sony Pictures), steal money from financial institutions, and, more recently, the theft of cryptocurrencies.

TransTelekom is a conglomerate owned and operated by Russian Railways (RZD) — Russia’s state-run railway company that holds one of the largest fiber optics networks in the world and participates in several international projects.  The infrastructure and transport company was formerly headed by Vladimir Yakunin, a U.S.- sanctioned  former KGB agent and close ally of President Putin.  Despite Yakunin’s departure, the company has maintained close ties to the Kremlin, indicating the Russian government’s direct involvement in this initiative.  According to a spokesperson for TTK interviewed by the Financial Times, the company has maintained a backbone network interface with North Korea under an agreement with Korea Posts and Telecommunication since 2009.

Interestingly, the telecommunications sector has not been specifically targeted by the most recent UN sanctions passed with the approval of China and Russia in the UN Security Council. This development is also taking place in relatively unchartered territory of internet governance.  The above visual is a footprint of TransTelekom’s parent company, Russian Railways.