North Korea, a nuclear-armed state, is reportedly making advances in the front lines of cyber warfare, according to analysts, amid accusations of stealing billions of dollars, making it a more immediate and visible threat than its prohibited weapons programs. Pyongyang is under multiple international sanctions due to its nuclear bomb and ballistic missile programs, which have advanced rapidly under the leadership of Kim Jong-un. While global diplomatic efforts have focused on Pyongyang's nuclear ambitions, the North has quietly and steadily strengthened its cyber capabilities. Analysts say that its cyber army, consisting of thousands of trained hackers, poses a threat of equal magnitude.
According to Oh Il-seok, a researcher at the Institute for National Security Strategy in Seoul, "North Korea's nuclear and military programs represent long-term threats, but its cyber threats are immediate and real." North Korea's cyber warfare capabilities gained international prominence in 2014 when it was accused of hacking Sony Pictures Entertainment in retaliation for the release of "The Interview," a satirical film mocking Kim. The attack resulted in the leak of many unreleased films online and a large cache of confidential documents.
Since then, North Korea has been accused of a number of significant cyber attacks, including the theft of $81 million from the Bangladesh central bank and the WannaCry ransomware attack that affected countries worldwide in 2017, compromising around 300,000 computers in 150 countries. Pyongyang has denied any involvement in these attacks, describing U.S. accusations regarding WannaCry as "illogical," with a spokesperson from the Foreign Ministry stating, "We have nothing to do with cyber attacks."
However, in February, the U.S. Justice Department charged three North Koreans with "participating in a broad criminal conspiracy to carry out several devastating cyber attacks." In its annual risk assessment report for 2021, the U.S. acknowledged that Pyongyang "probably has the capability to cause temporary and limited disruption to some sensitive critical infrastructure networks" across the U.S. The report stated that North Korea's cyber program "poses an increasing threat of espionage, theft, and attacks," according to a document released by the Office of the Director of National Intelligence.
North Korea has been accused of stealing hundreds of millions of dollars from financial institutions and cryptocurrency exchanges "possibly to fund government priorities such as its nuclear and missile programs."
The North Korean cyber program dates back to at least the mid-1990s when its then-leader Kim Jong-il reportedly stated that "all wars in the future will be computer wars." The powerful cyber warfare unit of Pyongyang, known as "Bureau 121," which consists of 6,000 personnel, operates from several countries including Belarus, China, India, Malaysia, and Russia, according to a U.S. military report published in July 2020. Scott Jarkoff from CrowdStrike cybersecurity firm noted, "They are highly advanced, dedicated, and capable of executing sophisticated attacks."
Recruitments for "Bureau 121" undergo training in various programming languages and operating systems at specialized institutions like the Mirim University, according to former student Jang Se-yul, who defected in 2007. The university, now known as the Automation University, accepts only 100 students per year from among the top students in the country. Jang stated to AFP, "We learned that we must be prepared to counter U.S. capabilities in cyber warfare." He added, "We learned that we must develop our hacking programs since attacking an enemy's operating system is the best form of defense."
Cyber warfare particularly attracts poor, small countries like North Korea that "lag behind others in terms of equipment such as planes, tanks, and other advanced weapon systems," according to Martin Williams from the Stimson Center. He noted, "Hacking only requires a computer and an internet connection."
Most state-sponsored hacking groups are primarily used for espionage, but experts say North Korea differs from others in that it deploys its cyber capabilities for financial gain. Pyongyang has shut down its borders to prevent the spread of COVID-19, exacerbating pressure on its economy while it has sought foreign currency through various means for years. Williams remarked, "Theft is the quickest way to profit from a business activity, especially with skilled hackers."
In February, the U.S. accused three North Koreans of stealing over $1 billion and 3 million dollars in funds and cryptocurrency from financial institutions and firms. When charges were filed, Assistant Attorney General John Demers described North Korean operatives as "the world's bank robbers," adding that they "use keyboards instead of guns to steal digital wallets of cryptocurrencies instead of bags of cash."
Trading in cryptocurrencies like Bitcoin presents hackers with an increasing array of lucrative targets. Furthermore, their decentralized networks provide an additional benefit to the North, offering a means to circumvent financial sanctions, according to Jarkoff. He noted that "this allows North Korea to easily introduce laundered money into the country, outside the control of the global banking system." He concluded that "cryptocurrencies are appealing because they are unregulated, borderless, and relatively anonymous."
