North Korean Cyber-Enabled Economic Warfare
North Korea pledged to “cease all hostile acts … in every domain” as part of the Panmunjom Declaration, which Kim Jong Un and South Korean President Moon Jae In signed in April. When Kim met U.S. President Donald Trump in June, the North Korean leader committed to “build a lasting and stable peace.” Yet, even as diplomacy proceeded at the highest levels, Pyongyang continued to engage in cyber attacks against the national security and economic base of South Korea. Experts estimate that South Korea suffers as many as 1.5 million attempted cyber intrusions from North Korean hackers every day. Pyongyang uses cyber tools to support “active measures” and spread disinformation to sow division in South Korean society, and to undermine the Republic of Korea (ROK) government.
The heavily sanctioned and cash-strapped North also uses cyber attacks to generate illicit funds from ransom payments, cryptocurrency exchange hacks, and fraudulent inter-bank transfer orders. Cyber espionage has provided the regime with critical intelligence on its adversaries. In September 2018, the Department of Justice pressed charges against a North Korean computer programmer, Park Jin Hyok, not only for working on behalf of the North Korean government, but also for being involved in several infamous North Korean cyber operations such as the Sony Pictures hack, the SWIFT Bangladesh Bank theft, and WannaCry, all of which will be discussed in this report. Attribution is often a tricky endeavor. Yet, the Justice Department presents comprehensive evidence based on forensic technical analysis that links these major North Korean cyber intrusions back to Park. This paints a clearer portrait not only of the Kim regime, but also of the diverse range of offensive cyber capabilities Pyongyang employs.
While Kim Jong Un’s nuclear and missile arsenal presents the most extreme threat, both the U.S. and ROK should take note of North Korea’s growing cyber capabilities. These capabilities complement North Korea’s conventional and unconventional military weapons in a highly effective manner. North Korea’s cyber operations broaden the Kim family regime’s toolkit for threatening the military, economic, and even the political strength of its adversaries and enemies. Within the cyber domain, the United States and its allies should pay special attention to the emerging threat of cyber-enabled economic warfare (CEEW), or cyber attacks against an adversary “to weaken its economy and thereby reduce its political and military power.” CEEW attacks could compromise the networks of financial institutions, banks, and corporations that play an indispensable role in the nation’s economy. Sustained or expanded North Korean cyber attacks on the critical infrastructure and economies of South Korea, the U.S., and other nations could threaten the foundation of their power. Even more insidious is how such cyber attacks, or even the threat of them, may change the policy calculus of dealing with North Korea going forward. Essentially, North Korea could hold military and diplomatic policy hostage by putting a country’s industrial, financial, or energy sectors in its cyber crosshairs.
Although North Korea’s cyber capabilities still cannot match those of Russia, China, and the U.S., they have improved substantially. Our case studies of six North Korean attacks show how their offensive tactics have evolved from basic distributed denial of service (DDoS) attacks to sophisticated use of malware. In 2013, the world witnessed the DarkSeoul attacks in South Korea in which Pyongyang first demonstrated its ability to inflict physical damage through cyber-enabled means against South Korean banks and media companies. A little over a year later, in November 2014, Pyongyang used these destructive capabilities against U.S.-based Sony Pictures. North Korea’s cyber infiltration of more than a hundred private South Korean firms and government agencies between 2014 and 2016 foreshadows the battles to come.
The case studies in this report are not all explicit examples of CEEW operations. However, each has significant implications for the future of CEEW. As diplomatic efforts to dismantle North Korea’s nuclear weapons program move forward – or even if they do not – the flexibility and plausible deniability of cyber capabilities may make them an even more attractive weapon for the Kim regime. To deal with this threat, the U.S., ROK, and other allies will have to enhance their resiliency while devising strategies to deter, thwart, and neutralize the North Korean threat.
Read the full report here.
David Maxwell, a 30-year veteran of the United States Army and former Special Forces colonel, is a senior fellow at the Foundation for Defense of Democracies, where Mathew Ha is a research associate focused on North Korea. Follow them on Twitter @davidmaxwell161 and @Matjunsuk.
FDD is a Washington-based, nonpartisan research institute focusing on national security and foreign policy. Follow FDD on Twitter @FDD and follow FDD’s Center on Sanctions and Illicit Finance @FDD_CSIF.