McAfee, which is based in Santa Clara, Calif., would not name the targets of the attacks and said it would be alerting victims and government authorities on Monday. But the firm did provide a map of North Korean hackers’ targets.
The vast majority were in the United States, with the most frequent marks in Houston, an oil and gas hub, and New York, a finance hub. Other major targets included London, Madrid, Tokyo, Tel Aviv, Rome, Bangkok, Taipei, Seoul and Hong Kong. Russia and mainland China, two countries that have maintained cordial relations with North Korea, were relatively untouched.
North Korea, like the United States and many other countries, has long been accused of using hackers to further its national interests. In 2014, apparently in retaliation for a movie that mocked Mr. Kim, North Korean hackers hit Sony Pictures Entertainment. They destroyed Sony’s computer servers, paralyzed the studio’s operations and eventually leaked embarrassing emails from executives, in what would become a playbook for the Russian attacks and leaks of emails ahead of the 2016 elections.
North Korean hackers have been tied to attacks on banks all around the world for financial gain — a rarity among government-affiliated hackers but not surprising for a country ravaged by economic sanctions. The “WannaCry” attack, which paralyzed more than 150 organizations around the globe in 2017, was also traced to North Korea.
Mr. Cha, of the Center for Strategic and International Studies, said cyberattacks remained the “third leg” of North Korea’s overall military strategy. “They’re never going to compete with the United States and South Korea soldier to soldier, tank for tank,” he said. “So they have moved to an asymmetric strategy of nuclear weapons, ballistic missiles and the third leg is cyber, that we really didn’t become aware of until Sony.”
Since the Sony attack, McAfee’s researchers said North Korea’s hackers had significantly improved their capabilities: They are much better at hiding their tracks and researching their targets. And in many of the attacks McAfee witnessed, North Korean hackers had done their homework.
They scoured the Microsoft-owned business site LinkedIn, for example, to find the profiles of industry job recruiters. They sent emails that appeared to come from those recruiters’ accounts, often in perfect English, promoting job opportunities.