Cyberspace and the DPRK: Evolving cyber strategy
WRITTEN BY ABHISHEK SHARMA
2 September 2022
North Korea has regularly been at the centre of Western media attention due to its nuclear weapons programme and human rights violations. Most often, headlines regarding North Korea are either about ballistic missile launches or threats to South Korea and/or the US. While North Korea is facing critical challenges like malnutrition, food shortages, the pandemic, and a failing economy, it continues to develop its nuclear and ballistic weapons programmes. The North Korean regime has found ways to ensure that the current institutional mechanisms for existing sanctions can easily be bypassed to get the funding for its programmes. The exploitation of cyberspace is of particular interest to the regime in Pyongyang, as it has proven to be a golden goose.
Cyberspace in DPRK regime imagination
The regime in North Korea has long held the view that cyberspace is an integral part of its overall strategy, which resonates with the DPRK’s Juche ideology of self-reliance in every sector of the state. For North Korea, its investment in cyber capabilities compensates for the asymmetries in military capabilities compared to its neighbours South Korea and Japan. In addition, it signals a strategy that focuses on building on one’s strengths, such as network isolation, and using it for offensive and defensive cyber operations. This perspective has led to systematic investment in science and technology, an essential feature for developing the cyberspace domain.
The Byungjin policy under Kim Jong-un, derived from his grandfather Kim Il-sung’s idea of ‘parallel development’ and focusing on the simultaneous development of economy and defence, resonates with the utilisation of the cyberspace domain as an instrument. Kim Jong-un’s father, Kim Jong-il, stated that “if the Internet is like a gun, cyber-attacks are like atomic bombs”. Kim Jong-un also has supposedly considered cyber as an “all-purpose sword”. The regime has used cyberspace as a tool for spying, cyber theft, intimidation, attacks, and bypassing sanctions. The motivations behind utilising cyberspace are contextual to particular events and spaces and can range from coercion, espionage, and financial benefits to offensive operations.
The DPRK has carefully tried to employ the cyberspace infrastructure systematically, not just to gather resources for its strategic programmes, but also to check enemy cyber capabilities, technology, and policy loopholes. The weaponisation of cyberspace for financial reasons against other states involves state actors like the Cyber Warfare Guidance Unit (Bureau 121) and non-state actors like the Lazarus Group. Non-state actors work closely with the state apparatus to fulfil its objectives, operating either domestically or out of third countries. These operations have become a vital part of the regime’s overall strategy for consistently disrupting adversaries with low-intensity strikes. Due to the cost-effective benefits of cyberspace technology, it is comparatively easy for North Korea to acquire hard and soft infrastructure to strengthen its cyber capabilities.
North Korea’s cyber strategy has focused on cyberspace development by borrowing different techniques, policy-making, human capital, and basic infrastructure from countries like China and Russia. These borrowed resources enable North Korea to provide network bandwidth and even physical space for thousands of Pyongyang digital warriors to launch attacks on government and corporate computer systems around the globe. Therefore, it is crucial to understand the application of cyber operations in the North Korean strategy, and to understand the changing security dynamics in Northeast Asia, focusing on the fifth domain of warfare and its evolution as a complementary strategy of North Korea.
The DPRK is diversifying its cyber strategy
The DPRK government operates with around 6,000 cyber warriors to fulfil its strategic and political objectives. The attack on Sony Pictures Entertainment in 2013 was the first attack that attracted international attention. This attack was a reaction to the release of the movie ‘The Interview’, which depicted an assassination plot against the North Korean leader. The Sony attack was not just limited to the corporation’s reputation, but also affected Sony employees personally, who were unable to get jobs due to leaks of personal information. In addition, North Korea has targeted individuals belonging to fields such as journalism and the media through phishing emails. This demonstrates motivations beyond money-making, such as retaliation against any voice critical of North Korea. In 2016, hackers from North Korea tried to raid USD 1 billion from the Bangladesh Central Bank. The hack was later attributed to Lazarus Group, one of the infamous North Korean (non-)state actors.
Cyber-attacks, particularly cryptocurrency theft, have emerged as the primary method for North Korea to gather financial resources for its nuclear and ballistic weapons programme. Chainalysis, a blockchain data platform, reported a 40 per cent rise in value extracted from the attacks between 2020 and 2021, amounting to the collection of USD 400 million in digital assets. North Korean actors have used cryptocurrency exchange platforms like Bithumb and KuCoin to launder vast amounts of money, and other services like cryptocurrency mixers that obfuscate trails of illicit cyber activity. In April 2022, the FBI linked the North Korean hacker group Lazarus to a cryptocurrency heist of USD 620 million (in Ethereum) from the popular online game Axie Infinity.
The attacks utilising new technologies have profound security implications. The cyber operations conducted by North Korean state-supported actors have exploited the loopholes of the United States’ open, interoperable, and secure network. Due to the changing technological landscape and states’ difficulties in adapting through policies and regulations, many new problems have emerged. The recent ban by the US Department of Treasury on Tornado Cash, a virtual currency mixer, shows the vulnerability of US private cyber infrastructure. The mixer was used to launder USD 455 million by the Lazarus Group.
Over the past decades, the threat from North Korean cyber actors has reached an extreme level. A report published by the UN Sanctions Panel Committee on North Korea earlier this year emphasises the increasing threat of cyber-attacks and related cyber activities such as phishing emails, cyber theft, circumventing sanctions, intelligence espionage, and collecting illicit revenue. Kim Jong-un’s regime has succeeded in transferring funds from various sources, including big corporations, banks, or cryptocurrency platforms. Recently, the US Cybersecurity and Infrastructure Security Agency put out an advisory regarding the North Korean use of malware targeting its health sector. Indeed, US agencies are paying close attention to every move by North Korean actors due to the heightened risk of North Korean cyber threats.
A holistic strategy
In recent years, the threat emanating from North Korea’s cyber-attacks has led many states to take action and build closer relationships with other international partners. To ensure a comprehensive response even at the international level, the US has actively tried to involve more states (such as South Korea) in cybersecurity cooperation. In 2022, US and ROK leaders agreed in a joint statement to “deepen ROK-U.S. cooperation on regional and international cyber policy, including cooperation in deterring cyber adversaries, critical infrastructure, combatting cybercrime and associated money laundering”.
The commitment to closer relations was followed by a visit of Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, to South Korea. She emphasised the “U.S. commitment to cooperation with the ROK to combat cybercrime and associated money laundering, secure cryptocurrency, build capacity, and share information”. On 10 August, both states held the 1st ROK-US Working Group Meeting on the DPRK Cyber Threat, in which they discussed the urgency to cooperate on blocking the DPRK’s attempts to generate hard currency for its nuclear and missile programme.
The steps taken by the US show that a holistic strategy needs to be adopted when countering an opponent like the DPRK. However, these steps will not deter Pyongyang’s actions. To that end, there needs to be closer cooperation with partners and allies in bilateral, minilateral, and multilateral platforms in the region. Strict enforcement of UN sanctions, ensuring calculated offensive and defensive operations, continuous diplomatic engagement, expansion of reach as well as scope of the Budapest Convention, and better inter- and intra-coordination among multiple agencies are needed. The DPRK’s targeting of US public and private organisations shows how far it will go to challenge the US. The (geo)political divide in technology will only make it more problematic.
DISCLAIMER: All views expressed are those of the writer and do not necessarily represent that of the 9DASHLINE.com platform.
Author biography
Abhishek Sharma is a PhD Candidate in Korean Studies at the Department of East Asian Studies, University of Delhi. He holds a Master’s degree in International Relations from the South Asian University, New Delhi. His research focuses on the evolving Geopolitics of East Asia and the Indo-Pacific Region, focusing on India-South Korea relations and Indian Foreign Policy. Image Credit: Gábor Adonyi/Pixabay.