North Korea is known for being an economically isolated country, a foreign policy pariah and the occasional subject of memes about its leader, Kim Jong Un.
Beyond those impressions, the country has also been carrying out cyberattacks as an alternative form of warfare for the last decade, first becoming relevant to the U.S. government in 2014. North Korean hackers compromised computers at Sony Pictures Entertainment (SPE) in retaliation for Sony releasing The Interview, a political satire about North Korea and Kim Jong Un. According to the U.S. Department of Justice, the hackers “gained access to SPE’s network by sending malware to SPE employees, and then stole confidential data, threatened SPE executives and employees and damaged thousands of computers.”
Sonygate might sound frivolous, but the FBI declared it one of the largest cyberattacks in U.S. history. It was the dawn of North Korea’s information warfare.
Before it began attacking the United States, the DPRK hit two South Korean banks and three of the country’s largest news broadcasters in 2013. The attack rendered ATMs useless and disrupted the television stations’ systems.
In 2016, Lazarus, a government-sponsored hacking team in North Korea, targeted the Bangladesh Bank. Hackers spent almost a year figuring out a back way into the bank’s systems and learning about its operations.
The Bangladesh Bank has an account with the Federal Reserve Bank in New York City, and in February of 2016, Lazarus, posing as the Bangladesh Bank, sent the Federal Reserve Bank instructions to make over thirty payments totaling nearly one billion USD to multiple accounts. The hackers were successful in receiving $81 million, but the Federal Reserve blocked the other transactions. Lazarus was also linked to the Sony attack.
In 2017, a cyberattack called WannaCry 2.0 targeted hundreds of thousands of computers in major cities and then demanded money in exchange for unfreezing the computers and the accounts. WannaCry was also linked to North Korea.
According to a report by the United Nations, North Korea used cyberattacks to accumulate around $2 billion for the proliferation of weapons of mass destruction in 2019. The attacks were aimed at various banks and financial institutions, with the proceeds laundered to disguise the income as coming from a legitimate source. According to the National Intelligence 2021 Annual Threat Assessment, these were deeply problematic developments: “North Korea’s cyber program poses a growing espionage, theft, and attack threat.”
The regime reportedly stole almost $400 million in cryptocurrency in 2021, giving more credibility to the accusation that North Korea uses cyberattacks to fund its economy and proliferation programs due to heavy sanctions. According to some estimates, North Korea employs around 7,000 people in its cyber programs across multiple departments.
In 2016, hackers in the capital city of Pyongyang gained access to hundreds of gigabytes of South Korean Army data, including documents detailing a plan in the event that North Korea invaded the South and even a plot to assassinate Kim Jong Un.
What’s revelatory about North Korean cyberattacks is that despite the country’s isolation, it is able to have such a widespread impact on the rest of the world. North Korea is aided by Russia and China, as virtual private networks (VPNs) are often connected through China to conduct cyberattacks. Russia and China have not acknowledged their hand in cyberattacks, but a member of the U.S. Department of Justice claimed that China helps North Korea with its cyberattacks because of their alliance and illegal trade across China-North Korea borders.
Beyond the Soviet Union’s early involvement in the formation of North Korea, Putin and Kim have gotten closer over the last few years. North Korea has publicly supported the Russian invasion of Ukraine, and Russian officials have discussed the possibility of employing dozens of thousands of North Korean laborers to help reconstruct after the war.
Each time an attack happens, the FBI and other national security agencies urge U.S. organizations and companies to protect their data from potential hacks and attempt to prevent ransomware. Aside from that, there isn’t much more that the government can do because North Korea does not claim responsibility for its attacks.
In 2021, the U.S. Department of Justice charged three North Korean hackers, who reportedly worked for the government, with conspiring to steal the billion dollars from the Bangladesh Bank, and with the Sony Pictures attack and multiple other attacks on other institutions. Director of the FBI Christopher Wray announced that this charge “demonstrates the FBI’s unceasing commitment to unmasking and stopping the malicious actors and countries behind the world’s cyberattacks.” However, the FBI conceded that this was unlikely to lead to the arrest of the alleged hackers; the point of this very public charge was to “name and shame” and draw more public attention.
Despite the Justice Department’s charges, it has no ability to stop or fully prevent North Korea’s cyberattacks. Cyberwarfare is not well-known by the public, nor are the attacks that North Korea carries out to further its military and/or political aspirations. When Russia interfered with the 2016 U.S. elections, a federal grand jury indicted 12 Russians for their alleged roles, but a federal judge dismissed the charges and the trial in 2020.
Cyberattacks are a key component of North Korea’s alternative warfare that will continue as North Korea ramps up its proliferation efforts in an attempt to curb Western hegemony. With China’s complicity in the regime’s attacks, it will be important for the United States to watch both countries as China continues to rise in the global world order, taking North Korea with it.