Korean Peninsula A to Z

Inside North Korea

N. Korea’s Hacking Groups


ⓒ Getty Images Bank

North Korea has been launching cyber attacks extensively and persistently. Last week, a Russian cyber security firm said that a North Korea-sponsored cybercrime group, Lazarus, had stolen cryptocurrency using the Telegram messaging app. Last month, Microsoft in the U.S. sued a North Korean hacking group for allegedly stealing user information. 

Apparently, North Korea’s malicious cyber activities are posing a threat to the entire world. Who are those hackers and why does the communist regime nurture their cyber forces? Today, we’ll learn about North Korea’s hacking organizations from Professor Chung Eun-chan at the Institute for Unification Education.

For North Korea, one of the most important purposes of training hackers is to complete the final stage of war preparations. The North’s basic military strategy consists of three principles—preemptive surprise attacks, blitzkrieg tactics based on quick and decisive battles, and hybrid warfare. In hybrid warfare, the nation seeks to win a victory both in the front and rear. In terms of old military strategies, regular forces would attack along the battlefront, while others would dig underground tunnels to harass the enemy’s rear. But today, North Korea chooses to wage cyber warfare in order to collapse and disrupt the enemy simply with a button. For that reason, the country is known to have nurtured specialists on cyber terrorism since the 1990s. 

In North Korea, hackers are part of the military forces. In 2013, leader Kim Jong-un said that cyber warfare, along with nuclear weapons and missiles, are an “all-purpose sword” that guarantees the military’s strike capabilities. 

It is known that North Korea has two cyber warfare organs—the Enemy Collapse Sabotage Bureau under the military and the General Bureau of Reconnaissance. The former collects internal information to control local residents, while the latter is in charge of hacking campaigns, in which it breaks into security systems to steal sensitive information. 

This General Bureau of Reconnaissance was pinpointed as the perpetrator of the distributed denial-of-service or DDoS attacks on 35 websites of major institutions in South Korea and the U.S. in 2009.  

To train hackers or “cyber warriors” systematically, North Korea is working hard on education for gifted children. 

In the North, cyber warriors are groomed from childhood. Would-be cyber agents are selected among those aged 14 or 15 or even younger. They are taught at Kumsong(금성) Middle School No. 1 and No. 2 and then enter Kim Il-sung University or Kim Chaek University of Technology for further education. After graduation, they are assigned to the cyber warfare unit under the General Bureau of Reconnaissance to work as hackers. 

North Korea cultivates “cyber elites” systematically by selecting science prodigies and giving them intensive cyber security training. In addition, some of the brilliant graduates of Kim Il-sung Military University are selected to receive computer training before being appointed as hacker unit officers. After going through rigorous training, hackers are entitled to various privileges. 

Hackers can enter the party and have a successful career as well. They are proud of being part of the advance guard that defends the country. Hackers enjoy various benefits ordinary citizens can’t even think of. They are given chances to study or work abroad and also provided with economic incentives. For example, if they successfully hack a cryptocurrency exchange with a system they have developed, they can get 10 percent of the gains. It’s no wonder that hackers are launching cyber attacks competitively. 

North Korean hackers can secure the livelihood of the top one percent of society. In fact, their hacking skills are highly sophisticated. 

One of the most sensational cyber attacks linked to North Korea was the 2014 hack of Sony Pictures, the distributor of a film entitled The Interview that depicts the assassination of North Korean leader Kim Jong-un. At the time, the hacking destroyed data on 70 percent of the company’s computers. In 2016, North Korean hackers made off with 81 million US dollars through a cyber theft of the Bangladesh central bank’s account at the Federal Reserve Bank of New York. Lately, North Korea has conducted hacks on cryptocurrency exchanges. 

With the value of cryptocurrency rising, North Korea has attacked crypto exchanges to seize virtual currencies including bitcoin. In 2017, the National Police Agency Cyber Bureau in South Korea said that North Korea made ten hacking attempts against four cryptocurrency exchanges in the South. North Korean hackers are suspected of being behind the 2017 cyber attack using the WannaCry computer virus. It is a sort of ransomware, which refers to malicious software that encrypts computer systems, leaving them inaccessible to users and demands money to decrypt them. 

These days, North Korean hackers are being used as a means of earning foreign currency to maintain the impoverished regime

According to a report by the U.N. Security Council, North Korea illegally gleaned 570 million US dollars by hacking crypto exchanges in East Asia five times between 2017 and September of 2018. As a Russian security firm recently said, the North is stealing digital currencies using a new hacking method. Along with Russia, China and Iran, North Korea is included in the list of countries that pose a grave cyber threat. These countries are linked to some of the most infamous hacking incidents in the past ten years. 

The U.S. has been sanctioning North Korean hackers, including Park Jin-hyok who caused great damage by hacking computers all around the world for three years starting in 2014. 

The U.S. regards all hacking attempts as an attack to national security. 

So it follows the hackers’ tracks, reveals their identities and openly searches for them. In September of 2018, the U.S. Department of Justice charged North Korean computer programmer Park Jin-hyok with conspiracy to conduct computer intrusions and wire fraud. In September of 2019, the U.S. Treasury Department decided to impose sanctions on three North Korean hacking groups under the General Bureau of Reconnaissance. 

Actually, however, it is difficult to punish the hackers. International cooperation is necessary to come up with ways to block North Korea’s cyber crime operations. 

North Korea is acquiring hard currency through illegal means and stealing important security information. It seems necessary for the international community to devise proactive countermeasures against North Korean hacking attacks, which is a serious threat to global cyberspace. 

Latest News