North Korean Cyber Warriors Are Fueling Kim Jong-un’s Nuclear Weapons

North Korean Cyber Warriors Are Fueling Kim Jong-un’s Nuclear Weapons

Cyber operations are being used to not just fund the beleaguered Kim regime, but also to upgrade its strategic weapons such as nuclear weapons and ballistic missiles


North Korea has thus far conducted six nuclear tests (October 2006, May 2009, February 2013, January 2016, September 2016, and September 2017) and a number of ballistic missile tests. Since its first nuclear test, international sanctions against Pyongyang have been imposed and have strengthened over time. Even China, North Korea’s only military ally and primary benefactor in the post-Cold War world, has joined them. Certainly, the North Korean economy has severely suffered from the sanctions because they have been quite strictly implemented. Kim Jong-un, supreme leader of North Korea, acknowledged in 2018 that the harsh international sanctions imposed on Pyongyang were life-threatening. Tightened sanctions appeared to be effective during the Trump administration as many people argued that they drove the two historic US-North Korea Summits (in Singapore in June 2018 and Hanoi in February 2019).

In retrospect, however, it seems more accurate to say that Kim came to the negotiating table in accordance with his own schedule and strategic plans. That is, he initiated nuclear talks with the United States only after he concluded that North Korea completed its nuclear capabilities. With no intention of giving up its nuclear weapons, North Korea has not ceased enhancing its nuclear capabilities. Unsurprisingly, North Korea’s provocations have persisted in the Biden administration as well, which took office in January 2021. By early May of this year, North Korea launched twelve short- and medium-range missiles as well as two intercontinental ballistic missiles and a submarine-launched ballistic missile in the middle of the Covid-19 pandemic, breaking its self-imposed four-year moratorium on strategic weapons tests. Moreover, there are various signs that it is now preparing for another nuclear test.

What is puzzling here is the following: how could North Korea finance those tests? Making and testing nuclear weapons and ballistic missiles demand enormous capital. No sanctions relief have been given so far since no real progress has been made on North Korea’s denuclearization. Despite the isolated nature of the North Korean economy (i.e., China currently accounts for over 90 percent of the world’s merchandise trade with North Korea), the pandemic has reportedly had a serious impact on it. Kim actually admitted last year that North Korea’s situation was the “worst-ever.”

Thus, what has made it possible for North Korea to continue its expensive testing under the tightened international sanctions regime and the pandemic environment? The answer is North Korea’s asymmetrical weapon: its offensive cyber capabilities. North Korea’s various cyber capabilities, including espionage, sabotage, online bank heists and hacking, reconnaissance, and malware attacks, offer a very efficient means to circumvent international sanctions imposed against it. North Korea has persistently invested in strengthening its cyber warfare capabilities in the post-Cold War world. In particular, since Kim’s 2013 remark that North Korea’s cyberwarfare capabilities were its “all-purpose sword” and offered significant strategic value, Pyongyang has made great efforts in advancing them. Pyongyang’s cyber capabilities, along with nuclear weapons and ballistic missiles, constitute its “asymmetric warfare capabilities” and serve its strategic aims such as causing social disruptions in antagonistic countries, counterbalancing inferior conventional military capabilities, financing its impoverished regime, and so on.

What is worth paying special attention to is North Korea’s cyberattacks on financial institutions, which have dramatically increased in the last decade. Among others, North Korea’s cyberattack against Bangladesh central bank in 2016 was shockingly alarming because the hackers used the Society for Worldwide Interbank Financial Telecommunications (SWIFT) banking networks, which are the backbone of the global financial system, for an illicit money transfer of $81 million. It illustrated that even a global financial system such as SWIFT that carries billions of dollars daily can also be vulnerable to North Korea’s sophisticated cyberattacks.

Prior to this attack, North Korea already demonstrated its capacity to launch paralyzing cyberattacks against foreign banks. Pyongyang’s 2013 cyberattacks on South Korean banks are a good example. North Korea is believed to be currently involved in cyber heists in more than twenty countries. In addition, cryptocurrency exchanges have increasingly been a major target of North Korea’s cyberattacks. The UN Panel of Experts monitoring sanctions on Pyongyang reported in 2018 that North Korea explained 65 percent of stolen cryptocurrencies in the world during 2017-2018. According to the same panel, North Korea from 2019 to November 2020 stole about $316.4 million in cryptocurrencies through cyberattacks. In February of this year, the panel reported, citing cybersecurity firm Chainalysis, that North Korea had earned about $400 million in digital assets in 2021 alone as a result of the launches of more than seven cyberattacks on cryptocurrency platforms. Furthermore, in April the U.S. Treasury Department linked North Korea to the theft of almost $615 million in cryptocurrency from blockchain project Ronin, which is tied to the popular online game Axie Infinity. The Ronin hack, which occurred on March 23, was the second-largest cryptocurrency theft on record. Lazarus, a North Korea’s state-sponsored hacking group controlled by the Reconnaissance General Bureau (RGB), Pyongyang’s primary intelligence bureau that oversees North Korea’s cyber operations, was behind almost all of these cyberattacks.

What is problematic is that the money extracted from these cyber operations is being used to not just fund the beleaguered Kim regime, which is under robust UN and U.S. sanctions, but also to upgrade its strategic weapons such as nuclear weapons and ballistic missiles. In fact, the reason that North Korea could continue to provoke its adversaries with numerous nuclear and ballistic missile tests under a harsh international sanctions regime was because of Pyongyang’s proficient cyberattack capabilities, which often provide high yields with relatively little costs and risks. Unlike other strategic weapons development that demands huge costs and long investments, cyberattacks only need talented cyber warriors (North Korea is believed to have about 6,800 cyberwarfare professionals). Moreover, they usually do not trigger major armed conflicts due to a high degree of deniability and the deficit of accountability. Nevertheless, as seen from North Korea’s past cyberattacks, such as the 2014 Sony Pictures Entertainment hack which forced the company to rebuild its computer network and the 2017 WannaCry ransomware attack which compromised more than 300,000 computers in about 150 countries, they have a potential to become a major source of interstate conflicts.

Hence, North Korea’s evolving cyber capabilities pose a new type of threat to international security. Particularly worrisome in this regard is strengthened ties in the cyber field among traditional northern (and now all nuclear-armed) allies—Russia, China, and North Korea—in recent years. For instance, the 2020 UN Panel of Experts reported that quite a few North Korean information technology workers had entered Vladivostok and were illegally stationed there, violating UN Resolution 2397 that stopped North Korean employees from reentering Russia later than the mandatory deadline of December 2019 repatriation. Furthermore, Moscow, in addition to training North Korean hackers, reportedly sold North Korea GPS jamming apparatus that can disrupt adversaries’ navigation systems. Meanwhile, Beijing is believed to have long provided Pyongyang with hardware support for North Korea’s illicit cyber activities. In October 2020, however, the U.S. Justice Department accused China of assisting North Korea launder virtual assets from massive cyber thefts. China’s assistance here goes beyond a usual way of supporting Pyongyang through Chinese cyber infrastructure such as servers and routers. Simply put, both Moscow and Beijing continue to supply Pyongyang with training, technology, and materials support for its cyber operations. This kind of cooperation in the axis of the northern cyber powers is likely to continue as the three authoritarian allies who support cyber sovereignty as opposed to cyber freedom have a common goal of weakening U.S. hegemony, in general, and U.S. cyber supremacy, in particular, and the world moves towards a new Cold War era.

Min-hyung Kim is a Professor in the Department of Political Science at Kyung Hee University, Seoul, South Korea. He can be reached at [email protected]

Image: Reuters.