Dealing With North Korea’s Dangerous Cyberthreat

Sep 7th, 2021
COMMENTARY BY
Bruce Klingner

Senior Research Fellow, Northeast Asia

Bruce Klingner specializes in Korean and Japanese affairs as the senior research fellow for Northeast Asia.

Key Takeaways

North Korea's targets have ranged from nuclear power plants and other critical infrastructure to telecommunications, media and corporations.

North Korea’s cyber operations are also consistent with the regime’s long history of using criminal activities to acquire money.

The United States, in conjunction with foreign governments and the private sector, needs to augment cyber defenses and respond more forcefully to attacks.

North Korea appears to have restarted its nuclear reactor, enabling it to augment its ongoing production of approximately seven or more nuclear weapons per year. Pyongyang’s missiles and nuclear weapons have long garnered fear, international condemnation and tough sanctions.

The regime’s cyber activities, however, have elicited less response, despite their repeated attacks on governments, financial institutions and industries.

What started as rudimentary denial-of-service attacks against South Korea has been expanded into a robust array of disruptive military, financial and espionage capabilities with global reach. The regime’s cyber guerrilla warfare has stolen classified military secrets, engaged in cyberterrorism, absconded with billions of dollars in money and cybercurrency, held computer systems hostage and inflicted extensive damage on computer networks.

Its targets have ranged from nuclear power plants and other critical infrastructure to telecommunications, media and corporations. Following the onset of COVID-19, Pyongyang even trained its cyber weapons on pharmaceutical companies developing COVID vaccines.

Pyongyang’s cyber protection rackets refrain from attacking entities in return for payment. Its cyber retaliation squads attack those who oppose the regime or demean its leaders. The most notable of the latter was the 2014 Sony hack, which inflicted financial damage on the company while threatening “9/11 style” attacks against any theater showing the movie “The Interview,” which ridiculed leader Kim Jong Un.

North Korea’s cyber weapons and tactics are consistent with its asymmetric military strategy. As the regime’s conventional military forces deteriorated in comparison with those of the United States and South Korea, Pyongyang developed new weapons to counter the growing gap in capabilities, including nuclear weapons, missiles and cyber operations.

North Korea’s cyber operations are also consistent with the regime’s long history of using criminal activities to acquire money. In recent years, Pyongyang prioritized financial targets to evade international sanctions and augment the regime’s coffers for its nuclear and missile programs. Cybercrimes are more lucrative and cost-effective than its long-standing criminal activities (counterfeiting and supplying slave labor) and its more recent practices of smuggling and illicit ship-to-ship transfers of oil.

Compared with these other criminal enterprises, cybercrimes are quite low-risk. They are difficult to detect, and there is little likelihood of international retribution.

North Korean hackers have proved adept at deeply penetrating even highly secure computer networks of governments, militaries, banks and international financial transaction systems, as well as critical infrastructure targets. It is certainly possible—many would say likely—that Pyongyang’s cyber warriors could inflict tremendous damage during a crisis or hostilities on the Korean Peninsula.

Nor is America safe from their predation. North Korea could paralyze critical infrastructure systems such as communications, dams, electrical grids, hospitals, nuclear power plants, supply chains and traffic-control systems. It could steal massive amounts of money or undermine the stability of the international financial system or worldwide markets. It could also conduct ransomware attacks on banks to gain money, flood the system with fraudulent transactions, or disable or destroy financial computer networks.

To date, however, neither the UN nor the U.S. has imposed many sanctions or taken other legal actions against North Korean cyber groups or the foreign countries that give them safe haven to operate and launder their ill-gotten money. The United States, in conjunction with foreign governments and the private sector, needs to augment cyber defenses and respond more forcefully to attacks.

Failure to do so enables North Korea to continue undermining the effectiveness of international sanctions and leaves the United States and its partners exposed to a potentially devastating cyberattack in the future.

This piece originally appeared in the Sun Sentinel