N. Korea’s Hacking Ability Continues to Evolve
South Korea’s National Intelligence Service has recently reported to the National Assembly that some of the nation’s key research facilities, including the Korea Atomic Energy Research Institute, suffered hacking attacks by organizations connected with North Korea. In fact, North Korea’s hacking attempts are nothing new. Analysts say that it is difficult to track down North Korea’s extensive hacking activities, which continue to evolve. Here’s political commentator Choi Young-il with more.
Hacking is a type of cybercrime. Hackers break into computer networks, through which information is exchanged, to steal sensitive information or disrupt relevant programs.
North Korea nurtures hackers systematically and makes hacking attempts all around the world. The country has strengthened its hacking campaign under Kim Jong-un’s rule. The National Intelligence Service in South Korea assumes that North Korea accounts for more than 90 percent of daily hacking attempts against public institutions in the South. In the initial stage, North Korea launched distributed denial-of-service (DDoS) attacks against South Korean government offices to disable their websites. These days, hacking methods have advanced and diversified, like planting malware. As a result, it is becoming increasingly necessary for South Korea to enhance cybersecurity in light of national security.
With the Internet and computer networks developing rapidly, today’s war is called a cyberwar. North Korea trains and operates cyber forces at the national level.
Military organizations worldwide focus on cybersecurity technology. They invest a lot into training specialists in this area for the purpose of neutralizing key military information that is exchanged through communication networks and of gaining an edge in cyber warfare. North Korea is no exception. Not only to ensure its own national security but to deal a blow to enemy states remotely in a cheaper and more effective way, it is dedicated to nurturing specialists on cyber terrorism. North Korea finds cybercrimes very useful because its hackers can also be used as a means of earning foreign currency.
According to South Korea’s 2020 defense white paper, North Korea operates some 6,800 hackers. In the North, hackers are trained rigorously by the state from childhood to become “cyber warriors,” armed with the world’s best cyberattack capabilities.
In North Korea, the General Bureau of Reconnaissance is known to be responsible for cyber activities, including the information war, terrorist campaigns and hacker training. It was created in 2009 by the merger of existing organizations, including the Operations Department at the Workers’ Party and the Reconnaissance Bureau of the Korean People’s Army. A department in charge of foreign intelligence at the General Bureau of Reconnaissance is believed to be behind North Korea’s hacking units. There are at least four to five hacking groups sponsored by North Korea, including Kimsuky, Lazarus, and Andariel. It seems they are assigned to their respective tasks.
It appears that North Korean hacking units are operated in small groups, making it hard to find a centralized control tower. One of the most well-known North Korean hacking organizations is Kimsuky (김수키), which has consistently launched cyberattacks on institutions and individuals in South Korea, Japan and the U.S., targeting their diplomatic policies and national security secrets. Lazarus, meanwhile, mostly aims to earn financial profit through illegal cyber activities, like private hackers. It is the group behind the cyber theft of the Bangladesh central bank’s account in 2016, the attacks on the Polish Financial Supervision Authority in 2017 and those on Chile’s ATM network in 2018.
In February this year, the U.S. Justice Department announced charges against three North Korean hackers who were accused of stealing more than 1.3 billion dollars in cash and cryptocurrency from banks and companies around the world. The indictment names the defendants Park Jin-hyok, Jon Chang-hyok and Kim Il as hackers, who belong to the General Bureau of Reconnaissance, North Korea’s military intelligence agency. According to the Justice Department, those operatives were accused of taking part in a wide range of cyber attacks for a long time.
It is very unusual that the U.S. indicted North Korean hackers, mentioning their real names. Park Jin-hyok (박진혁), in particular, is the first North Korean operative indicted by the U.S. He faces charges over the 2014 Sony Pictures hack, the 2016 theft of 81 million dollars from the Bangladesh central bank, the 2017 WannaCry ransomware attack and the attempted hacks of Lockheed Martin. He is believed to be a member of Lazarus Group and to have worked for a North Korean front company called the Korea Expo Joint Venture. An official of the U.S. Justice Department said that North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading 21st century nation-state bank robbers.
According to a report that was released early this year by a panel of experts under the U.N. Security Council committee on North Korea sanctions, North Korea stole 310 million dollars in virtual assets between 2019 and November 2020. The panel said that hackers linked to North Korea continued to carry out operations against financial institutions and virtual currency exchanges to support the country’s nuclear and missile development. North Korea is expected to continue with its hacking campaign in a more sophisticated way.
It is very unlikely that North Korea will give up highly effective hacking activities, especially amid the prolonged, U.S.-led international sanctions against the North. I imagine North Korean hackers will be mobilized for economic crimes in the short term, rather than for military purposes. But they could also be used as cyber soldiers easily, if necessary. North Korea claims that it is a nuclear weapons state and engages in a war of nerves with the U.S. The impoverished country will continue to resort to this method in order to hold out in economic difficulties. Countries including South Korea and the U.S. have to develop various technologies to counter North Korea’s cyber threats. Diplomatically, the international community needs to pressure North Korea to refrain from its cybercrime operations.
North Korea trains cyber forces at the state level and its hacking attacks continue evolving. For South Korea, it is absolutely necessary to come up with a national response system. With the damage from North Korea’s cyber operations spreading extensively, it is also urgent for South Korea to cooperate with the international community to devise effective countermeasures.