North Korea’s Path to Becoming A Global Cyber Power

While politicians and diplomats focus on North Korea’s growing nuclear weapons and ballistic missile capabilities, security professionals keep a close eye on the country’s increasing cyber competencies.

This is a country where international calls are considered a crime, and where people only have access to a local intranet launched in 2000. Needless to say, thousands of international websites and apps are banned.

Yet over more than a decade, North Korea has worked its way up to become a strong cyber threat actor.

Some famous North Korean hacks include the WannaCry ransomware and the recent luring scheme through fake social media accounts that Google discovered.

But let’s find out more about North Korea’s rise to becoming a global cyber power.

Delving into North Korea’s history of cyber evolution

For years, the United States has been negotiating with North Korea to stop the country’s nuclear development and its export of ballistic missile technology.

Diplomatic talks broke down in 2009 after disagreements over an internationally condemned North Korean rocket launch. Since then, Pyongyang authorities have disregarded further demands and international agreements.

The same year, 2009, was when North Korea started to build up its cyber attack techniques step by step. This came after the US stated that North Korea’s cyber capabilities were still rock bottom and claimed it would take years to develop them into a significant threat.

Here is what North Korea did:

      • It consolidated all its intelligence and internal security services.
      • The country placed these services under the direct control of the National Defense Commission.
      • It merged intelligence organizations and its cyber units into the Reconnaissance General Bureau (RGB).
      • The RGB became North Korea’s main foreign intelligence service and headquarters for special and cyber operations.

In 2013, the RGB set up a special unit tasked with hacking international financial institutions to extract foreign currency to support North Korea’s nuclear and ballistic missile programs. The unit was also responsible for installing malicious backdoors in software development businesses in Japan and China.

North Korea has been exploiting cyber vulnerabilities to pursue its foreign policy goals. At a high level, its national objectives are:

      • Ensuring the stability of the regime
      • Showcasing power and preserving the regime’s reputation
      • Fueling up the local economy

The country’s cyber units have progressively developed their resources, assets, malware engineering, and coding capabilities based on their experience from attacking different targets.

Currently, the authorities supervise around 6,000 cyber agents through four intelligence organizations scattered across the globe.

The timeline of North Korean cyber attacks

At first, cybersecurity experts considered North Korea a second-rate hacking force. They also believed its attacks were relatively easy to decode. Researchers rated North Korean hackers’ operational skills well behind those of countries like the US, Russia, and Israel.

But those days are gone.

Here are the most notorious North Korean hacks:

      • The breach at Sony Pictures Entertainment. The hit led to the release of tens of thousands of confidential Sony emails and business files.
      • Breaches at US movie theatre chains AMC Theatres and Mammoth Screen
      • Attempts to hack US defense contractor Lockheed Martin
      • The Bangladesh Central Bank cyber-heist
      • The WannaCry ransomware outbreak. Hackers scrambled data on more than 300,000 computers in 150 nations, causing billions of dollars of damage. It hit government agencies, banks, and other businesses worldwide and paralyzed parts of the UK’s health care system.
      • Hacks of banks all over the world targeting the SWIFT banking system and ATM jackpotting
      • A long string of hacks of South Korean news media organizations, banks, and military entities
      • Chrome Zero-Day vulnerability – a bug in Chrome’s audio component, corrupting memory space
      • Luring campaign targeting the infosec community through fake social media profiles

Google’s Threat Analysis Group (TAG) believes hackers backed by the North Korean government have been posing as computer security bloggers. They used fake accounts on social media attempting to steal information from researchers in the field.

The infamous Lazarus Group is responsible for several of the cyberattacks, including the 2017 WannaCry ransomware attack.

North Korean hackers’ primary focus was on building destructive campaigns.

Cyberattacks linked to North Korea have shown an increased ability to identify and exploit vulnerabilities in computer security systems. Experts say the attackers can breach widely used computer products, such as Google’s Chrome internet browser and Microsoft’s Windows 10 operating system. They also create advanced malicious code that some antivirus programs can’t detect.

The UN Security Council estimates that, by 2019, North Korea had earned as much as $2 billion over several years through illicit cyber operations.

Based on intelligence evaluations, North Korea is the second-fastest threat actor, after Russia, in terms of breakout time, that is, how long it takes the attacker, once inside the network, to complete the attack.

On average, it takes North Korean hackers 2 hours and 20 minutes to achieve breakout. By comparison, Chinese attackers manage the same performance in 4 hours, while Iranians handle it in about 5.

Keeping North Korean threats away from your system

Kim Jong Un, the Supreme Leader of North Korea, declared that advancing its cyber capabilities is equally important to nuclear power. He claimed that “cyber warfare, along with nuclear weapons and missiles, is an ‘all-purpose sword’ that guarantees our [North Korea’s] military’s capability to strike relentlessly.”

Clearly, we’ll keep hearing about North Korean cyber schemes. Their attacks are far from over. And since North Korean hackers hit regular services on a large scale, anyone is a potential victim.

There are a few things you can do to stay as far away as possible from these threats.

Beware of phishing emails

Phishing emails are classic frauds that trick you into disclosing personal information or passwords.

Read every email carefully, look for details that are slightly out of place, and don’t click on any links! This is a typical scam that tricks users into downloading malicious code.

Use strong passwords

Be extra careful with the passwords you choose for your accounts. Using a strong password for each of them is a small step, but it makes a big difference in protecting your digital privacy.

Longer, more complex passwords are the way to go, so attackers won’t be able to crack them.

You can also take it up one notch and use 2-factor authentication as well.

Rely on a VPN

A VPN encrypts your connection with 256-bit AES encryption, keeping you safe from snoopers. By hiding your IP address, it protects your privacy and increases your security.

Here you can also find other tips on how to stay safe online.


What do you think is next for North Korea in terms of cyber-attacks? Have you ever been their victim?

Let me know in the comments below.
