Everand Logo

Welcome to Everand!

  • This Week in Asia

    North Korea steps up 'persistent, opportunistic' cybercrime to fund nuclear programmes

    by Seong Hyeon Choi May 16, 2023 3 minutes

    As international sanctions and the Covid-19 border lockdown continue to impact North Korea, the regime has increasingly engaged in cyber-operations, raiding cryptocurrency exchanges in recent years to fund its nuclear and missile programmes.

    Analysts argue that these cyber operations are a strategic approach to circumvent international sanctions and resist global pressure on the regime.

    During an event hosted by the non-profit Special Competitive Studies Project last week, Anne Neuberger, deputy national security adviser for cyber and emerging technology for the Biden administration, said "about half of North Korea's missile programme had been funded by cyberattacks and cryptocurrency theft".

    Do you have questions about the biggest topics and trends from around the world? Get the answers with SCMP Knowledge, our new platform of curated content with explainers, FAQs, analyses and infographics brought to you by our award-winning team.

    She also said US intelligence agencies were working to identify North Korean operatives and that the US Treasury was tracing stolen cryptocurrency.

    Pyongyang's cyberattacks have become a grave threat to Seoul and Washington, with North Korea intensifying its nuclear and missile programmes in recent years.

    In April, Pyongyang announced that it tested a new solid-fuel intercontinental ballistic missile (ICBM) - the first time it has test-fired a solid-fuel ICBM.

    It is faster to fuel solid-fuel rockets than liquid propellants, allowing the North to strike the US with far less warning. Cryptocurrency theft has been identified as one of Pyongyang's main sources of funding in developing such advanced technology.

    A report by the United Nations Security Council (UNSC) in April showed that 2022 was a record-breaking year for North Korea's cryptocurrency theft, with security experts estimating that Pyongyang stole up to US$1 billion worth of virtual assets last year.

    "[North Korea] used increasingly sophisticated cyber techniques both to gain access to digital networks involved in cyber finance and to steal information of potential value, including to its weapons programmes," the UN report said.

    UN sanctions monitors reported in 2019 that North Korea generated an estimated US$2 billion between 2015 and 2019 for its weapons of mass destruction programmes, through widespread cyberattacks.

    Investigations by the Korea Development Institute (KDI) also concluded that North Korea's 2022 foreign currency reserve either remained unchanged at US$1.7-5 billion at the end of 2020 or grew marginally by US$2-3 million, despite its harsh economic situations from its pandemic border closure.

    The report said Pyongyang had recently been engaging in illegal tactics, such as cyberattacks and unlawful trade of coal and fishing rights, to gather foreign currencies, after the UNSC stepped up economic sanctions in 2017 and the pandemic shut North Korea's border with China.

    Richard Harknett, a professor and chair of the Center for Cyber Strategy and Policy at the University of Cincinnati, said North Korea's cyber operation was both "persistent and opportunistic" and should not be viewed as economic theft or crime but as a strategic approach leveraging cyberspace to circumvent international sanctions to resist international pressure on the regime.

    "North Korea is in strategic competition with the United States and the international community to retain a nuclear capability despite heavy economic sanctions," he said.

    "Successful cyber operations that move resources into Pyongyang are thus strategic cyber campaigns ... Cyber operations bring economic relief to North Korea so they do not have to give up their missile and nuclear programmes."

    Kang Jang-mook, a professor of international information security at Dongguk University in Seoul, also said North Korea's economic activities to fund its nuclear and missile programme had become impossible because of international sanctions, and cryptocurrency theft had become key for Pyongyang to evade sanctions and launder money.

    "North Korea targets mainly the cryptocurrency exchange or organisations run by the US government," Kang said.

    "Whether their hacking activities are big or small, it is a strategy to fund its ballistic missile programme ... it is not a problem that can be solved with one country strengthening its security. There must be cooperation between multiple countries."

    North Korea's hackers, considered to be one of the world's most sophisticated, are controlled by its main intelligence unit the Reconnaissance General Bureau (RGB). RGB runs covert cyber groups, such as Kimsuky and Lazarus Group that are believed to share malware and hacking codes for cryptocurrency theft or to steal information about critical technologies such as Covid-19 vaccines.

    North Korean cyber criminals are not a "monolith" and can have multiple targets, which complicates law enforcement, said Alex O'Neill, a co-founder of the Harvard Kennedy School Belfer Center's North Korea Cyber Working Group.

    "Some hackers go after big targets, like banks and cryptocurrency exchanges. Less sophisticated actors engage in petty e-crime, like online gaming scams, while others perform IT work that could be legitimate if not for sanctions," O'Neill said.

    O'Neill added that many of North Korea's high-profile operations involve social engineering tactics, where cybercriminals manipulate victims into "letting their guard down" and work with global criminal groups to launder the proceeds of their cyber theft.

    "North Korea's cyber operations are a global threat that requires a global response," said Neuberger. "It will take a whole-of-government effort, working with our allies and partners, to counter North Korea's malign cyber activities."

    As the international community grapples with the threat of North Korean cyberattacks, security experts emphasise the importance of a coordinated response and the need for countries to work together to improve their defences and hold the rogue regime accountable for its actions.

    This article originally appeared on the South China Morning Post (SCMP).

    Copyright (c) 2023. South China Morning Post Publishers Ltd. All rights reserved.

    More from This Week in Asia

    This Week in Asia4 min read
    Indonesia's Young Garuda Footballers Eye Olympic Glory As U-23 Asian Cup Run Ignites National Pride
    Indonesia's national under-23 football team unleashed patriotic fervour across the sports-mad nation with a string of impressive performances in the U-23 Asian Cup, raising hopes for a shot at Olympic glory despite a recent heartbreaking defeat. The
    This Week in Asia4 min readWorld
    Forest City Fallout: Malaysia's Anwar, Tycoons Urged To 'Walk Back Threats' Over Casino Report
    Malaysian Prime Minister Anwar Ibrahim is facing criticism for leading calls to shut down a contentious report on casino plans for a flatlining urban project, as the Forest City fallout unfolds and questions mount over the hold of Islamists on public
    This Week in Asia4 min read
    Save The Jeepneys: Philippine Business Leaders Join Call To Suspend Modernisation Of 'Cultural Icon'
    An ongoing strike by public transport drivers and operators in the Philippines against a government policy to phase out traditional jeepneys has drawn unexpected support from business leaders. The latest voices comprised commerce and labour groups, w

    Related Books & Audiobooks