An average of over 1.62 million cyberattacks per day target domestic public sectorsBy Kim Hyun-bin

North Korea has been utilizing cyber tactics to obtain billions of dollars annually in foreign funds, funneling these resources into its weapons of mass destruction (WMD) development programs.

According to the U.S. Treasury Department, North Korean hackers have amassed virtual assets worth billions of dollars, largely through cyber theft. Between 2020 and 2022, it is believed that they acquired approximately $17 billion in virtual assets. Last year alone, they stole $10 billion, adding to the $4.29 billion in 2021, totaling $31,29 billion over three years.

These ill-gotten gains serve as a crucial funding source for North Korea's WMD projects, including nuclear weapons and missiles.

North Korea's exploitation of virtual assets and the scope of their activities have expanded significantly in recent years, becoming a primary tool for achieving strategic objectives.

According to IT experts, North Korean hackers have been relentless in targeting virtual assets and financial transactions globally. Despite efforts by governments to thwart their activities, the hackers have continued to adapt and evolve, making it difficult to track and stop them. Furthermore, their targets have diversified to include sectors such as defense, energy and health care, amplifying the urgency for robust cybersecurity measures.

The United States, in particular, has identified the elimination of virtual asset theft as a top priority in its response to North Korea's cyberattacks.

Earlier this month, a report from the U.S. Treasury Department indicated that North Korea persists in conducting "malicious" cyber operations, leveraging its information technology (IT) workforce to fund its WMD initiatives. This assessment was included in the 2024 National Proliferation Financing Risk Assessment, which the department released alongside evaluations on money laundering and terrorist financing risks.

"The DPRK continued to conduct malicious cyber activity and deploy information technology workers to, at least in part, fund its WMD capabilities," the U.S. Treasury Department report stated. "This activity included efforts to illicitly raise revenue in fiat currency and virtual assets, including hacking of VASPs and, to a lesser extent, ransomware attacks."

VASP stands for virtual assets service provider. The U.S. National Security Council has also underscored the severity of the situation, emphasizing the critical need for a coordinated international response.

One of the key concerns is North Korea's ability to launder stolen virtual assets and evade detection. Recent cases have highlighted the sophisticated methods employed by North Korean operatives to transfer funds covertly, posing significant challenges to law enforcement agencies worldwide.

In response to the escalating menace presented by North Korea's cyber operations, nations have escalated their endeavors to bolster their cybersecurity capacities and foster closer collaboration with global allies. This includes initiatives like establishing trilateral cooperation frameworks, exemplified by partnerships among South Korea, the U.S. and Japan.

The expansion of North Korea's cyber activities has prompted urgent calls for countermeasures. In South Korea, cyberterrorism by North Korean hacker units persists. According to the National Intelligence Service (NIS), 80 percent of cyberattack incidents targeting domestic public institutions were traced back to North Korea. The past year saw an average of over 1.62 million cyberattack attempts per day aimed at the domestic public sector.

“North Korea has exceptional hacking capabilities, to the extent that they've even established state-run hacking units. Unlike us, who receive formal education in hacking or related skills, North Korea has been nurturing prodigies from a young age, leading to their hacking expertise being considered among the world's best. These hackers are not only proficient in security breaches but also engage in widespread hacking activities, including virtual currency systems,” said Shin Jong-woo, a senior researcher at the Korea Defense and Security Forum.

According to the NIS, North Korea's cyber operations are directly overseen by leader Kim Jong-un, who personally dictates the targets and objectives for these cybercrimes.

“We observe recent developments in North Korea's weapons development and it's apparent that they've incorporated technologies obtained through hacking. Moreover, North Korea isn't limiting its hacking endeavors to just South Korea but even hacking activities targeting Russia as well. North Korea aims to enhance its military technology via hacking,” Shin said.

The targets of these attacks are reported to have been adjusted based on Kim’s instructions. During periods of food shortages last year, the focus shifted toward attacking domestic agricultural and fisheries research institutions. However, following mentions of bolstering naval capabilities in August and September of the same year, the efforts turned toward domestic shipbuilding companies, with a focus on obtaining blueprints and design data.

"North Korean-developed tanks and surface-to-air missiles bear a striking resemblance to Russian-made counterparts. It appears that they have utilized stolen blueprints and other materials for weapons development,” an NIS official said.

Additionally, following Kim’s directive to enhance the production of drones and unmanned aerial vehicles in October, cyberattacks targeted both domestic and global companies and associated websites to acquire drone engine data.

A defense white paper issued in December 2020 revealed that North Korea operates around 6,800 cyberwarfare personnel, placing it fifth globally after the U.S., China, Russia and Israel. Experts warn that this number could rise to 12,000 when including next-generation core personnel.