North Korea is laser-focused on boosting its cyber capabilities, and it's doing a remarkable job of it.

Marc Wilczek, Digital Strategist & COO, Link11

January 22, 2021

Although the US and the United Nations have levied sanctions meant to prevent the illegal financing of nuclear weapons, North Korea is proving to be adept at sidestepping them — and is also remarkably proficient at cybercrime. As other countries try to hammer out common cybersecurity protocols, North Korea has rapidly grown its cyber capabilities, both domestically and abroad. As a result, despite ever-tightening sanctions, the regime is finding ways to exploit digital vulnerabilities around the world and launch cyberattacks — typically through its hacking teams, code-named Hidden Cobra or Lazarus Group — to extort money for its banned nuclear weapons development program.

In 2017, the US Department of Homeland Security and the FBI published a rare cybersecurity bulletin that linked North Korea to several attacks on US businesses and critical infrastructure. The alert concerned a type of malware dubbed Delta Charlie, which the Department of Homeland Security and FBI claim the North Korean government used to launch distributed denial-of-service (DDoS) attacks. These botnet attacks direct a flood of destructive IP traffic stemming from insecure Internet of Things devices to knock websites, applications, and other IT infrastructure offline for hours, days, or weeks.

The cybercrime market's size and the scarcity of effective protection continue to be a mouth-watering lure for North Korean cyber groups. The country's cyber operations carry little risk, don't cost much, and can produce lucrative results. Nam Jae-joon, the former director of South Korea's National Intelligence Service, reports that Kim Jong Un himself said that cyber capabilities are just as important as nuclear power and that "cyber warfare, along with nuclear weapons and missiles, is an 'all-purpose sword' that guarantees our [North Korea's] military's capability to strike relentlessly." 

Other reports note that in May 2020, North Korea recruited at least 100 top-notch science and technology university graduates into its military forces to oversee tactical planning systems. Mirim College, dubbed the University of Automation, churns out approximately 100 hackers annually. Defectors have testified that its students learn to dismantle Microsoft Windows operating systems, build malicious computer viruses, and write code in a variety of programming languages. The focus on Windows may explain the infamous North Korean-led 2017 WannaCry ransomware cyberattack, which wrought havoc on more than 300,000 computers across 150 countries by exploiting vulnerabilities in the popular operating system.

More recently, North Korea's state media confirmed the founding of a new science and technology university, likely associated with the country's cyberwarfare and weapons development program, as part of its Oct. 10 military parade. This suggests that ongoing investment of government funds is further strengthening the civil-military fusion, which is bound to exacerbate tensions on the Korean peninsula and international security concerns.

North Korea isn't acting alone. A US Army report estimates that North Korea employs roughly 6,000 cyber agents in four intelligence organizations across the globe. One of them is the infamous Lazarus Group, which is known to be the brains behind severe cyberattacks, including the 2017 WannaCry ransomware release. Among North Korea's few backers, China in particular can aid North Korea's illegal cyber activity through training and academic exchange. North Korean students often study at top Chinese institutions such as the Harbin Institute of Technology (HIT), where they can get acquainted with advanced technology unavailable in their home country because of US and UN sanctions.

The Chinese government continues to forge official academic relationships with military-affiliated North Korean academic institutions, partnerships which may form the basis for more cyberattacks. In November 2019, the Chinese Ministry of Education and the North Korean Chairman of the Education Commission jointly signed the China-North Korea Education and Cooperation Agreement (2020–2030) to buttress academic partnerships and postgraduate student exchanges.

Such joint government initiatives to boost foreign exchanges and postgraduate programs may lead to increased cybercrime, given the curriculum these universities tend to teach. There are already worries that Chinese universities are educating future North Korean nuclear scientists. The question remains how to stop these institutions from equipping North Korean cyber agents with the skills and capabilities they need to target high-level cyberattacks at the US and other advanced economies. Kim Heung-kwang, a North Korean defector who for two decades was a professor of computer science at Hamheung Computer Technology University, has said he trained many of North Korea's first cyber experts before they departed for further education in China.

The US government continues to unearth new North Korean cyber groups that pose serious international security concerns and threaten US national interests. Even the pandemic isn't stopping North Korea from leveraging its cyber genius — like China and Russia — to pilfer funds from pharmaceutical firms researching COVID-19 vaccines and foreign countries' national COVID-19 relief funds.

However, there is still hope for the US and its global allies. The US Department of Justice can mandate cybersecurity audits for US banks and financial institutions as part of deferred prosecution agreements to encourage compliance with basic cybersecurity protocols outlined by the Cybersecurity and Infrastructure Agency (CISA) and Financial Action Task Force (FATF). In addition to tightening cybersecurity protocols and information-sharing among banks and other financial institutions, the White House can collaborate with its allies on in-depth research into the locations of North Korean cyber centers. Vigilance is necessary, since seemingly legitimate businesses, hotels, and universities can all serve as harmless fronts to disguise malevolent North Korean-sponsored cyber activity.

Although North Korea typically plays second fiddle to China and Russia as a cyber threat, the small country is dedicated to strategically building out its cyber capabilities and leveling the playing field with China and Russia. The US will benefit from coordinating with its allies to safeguard critical infrastructures, shared global interests, and international security. Protecting against potential cyberattacks is crucial, but disrupting the training and deployment of cyber agents is just as critical to limit the scope of North Korea's cyber activities.

About the Author(s)

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across the ICT industry. Before serving as chief operating officer at Link11, he was a member of the management board of T-Systems' Computing Services & Solutions (CSS) division. Prior to that, he served as senior vice president, Asia Pacific/Latin America/Middle East & Africa at CompuGroup Medical, and as managing director, Asia Pacific, for Sophos. He is an Alfred P. Sloan Fellow and holds master's degrees from FOM Graduate School for Economics and Management in Frankfurt and London Business School.
