A recent report from cybersecurity firm Mandiant explained the secretive organizational structure of North Korea’s cyber operatives. While the Reconnaissance General Bureau (RGB) carries out the majority of North Korea’s cyber operations, Mandiant noted that North Korea’s United Front Department (UFD) also played a role in Pyongyang’s cyber program. The UFD is responsible for inter-Korean policymaking and diplomacy with the government in Seoul. But what is the role of the UFD in North Korea’s cyber program?
First, it is important to explain North Korea’s perpetual goal of reunification under Pyongyang’s terms and the historical role of the UFD in North Korea’s political structure. Since the founding of the Democratic People’s Republic of Korea (DPRK), Pyongyang has stated that its aim is the reunification of the Korean peninsula. In 1950, North Korea’s founding leader Kim Il Sung launched a violent campaign to reunify the two Koreas under his rule. Despite an armistice in 1953, the Kim family regime has never rescinded its goal of Korean reunification under the red banner. As former U.S. National Security Adviser H.R McMaster told Fox News in 2018, Kim Jong Un’s intentions “are to use that weapon for nuclear blackmail, and then to quote ‘reunify’ the peninsula under the red banner. So he would use this to extract payoffs as the regime has done with the nuclear program in the past and to drive the United States and our allies away from this peninsula that he would then try to dominate.” For Pyongyang, the Korean revolution can only be completed when both Koreas are unified under the DPRK’s terms. Despite South Korea’s rapid economic transformation and democratic governance, this theory of “final victory” still undergirds Pyongyang’s inter-Korean policies.
In fact, in January 2021, the Korean Workers’ Party (KWP) reworded its charter to align with the changing geopolitical landscape of the Korean peninsula. In the preface to “Rules of the Korean Workers’ Party,” Kim Jong Un revised the “Policy Line of the revolution of South Korea.” Rather than trying to reunify the peninsula via a pro-DPRK people’s uprising in the South, Pyongyang revised its reunification policy in a much more militant direction. The Kim family regime now formally seeks domination of the Korean peninsula via military means. As North Korea expert Cha Du Hyeogn of Seoul’s Asan Institute wrote, “The newly revised KWP Rules makes a tactical change that shifts to communization of the whole Korean Peninsula by enhancing North Korea’s military power and strengthening its capabilities to induce international support, instead of internal division in South Korea.” This important revision in KWP policy received little attention in the Western media but signals a massive shift in Pyongyang’s approach to its southern brethren. North Korea now officially accepts that the South Korean people are not clamoring for communization of the entire peninsula. Thus, North Korea seeks to use its nuclear arsenal to coerce and manipulate the government in Seoul. This military pressure campaign on the South will be aligned with the regime’s cyber operations. All of this points to a more dangerous future on the Korean peninsula.
In the KWP, the UFD is the institution responsible for coordinating and carrying out diplomatic activities with the South Korean government. Most importantly, the UFD is tasked with subverting the government in Seoul and implementing clandestine activities in South Korea. As North Korea expert Ken Gause puts it, “The United Front Department is the Party’s intelligence agency dedicated to South Korean operations.” The UFD conducts information warfare operations in South Korean territory. During the Cold War era, this largely entailed the use of psychological operations and the sending of spies south of the 38th parallel in a bid to undermine the Seoul government. After the end of the Cold War, the UFD shifted its activities to align with the digital age.
In cyberspace, the UFD is primarily tasked with disseminating pro-Pyongyang propaganda on South Korean web forums and comments sections. According to Mandiant, the UFD’s cyber units “promote pro-DPRK political narratives on web forums as well as conventional propaganda efforts, such as leaflets and radio broadcasts targeting their southern neighbor.” These UFD-affiliated internet trolls, which number around two hundred, hack into South Korean websites via international servers and steal the identities of South Korean internet users. The trolls’ constant changing of IP location obfuscates their connection to the North Korean government. From 2012-2013, the UFD’s army of internet trolls posted around 68,000 items of pro-DPRK propaganda on South Korean websites.
North Korea’s deployment of its cyber troll army in South Korean cyberspace is meant to weaken South Korean morale and faith in their political institutions. However, Pyongyang’s recent inter-Korean policy revisions signal that its UFD cyber operatives may change their strategy. The indications are that DPRK cyber agents, associated with the RGB, are increasingly targeting South Korea’s military-industrial complex. For example, in 2017, North Korean hackers targeted South Korea’s shipbuilding industry and may have acquired designs for a nuclear-powered submarine from South Korean networks. Pyongyang’s cyber agents have also stolen war plans from the South Korean military.
In order to defend against North Korea’s cyber intrusions, it is important to take into context Pyongyang’s grand strategy of reunification under the red banner. While such a scenario seems farcical to some outside observers, the Kim family regime still takes its utopian-driven reunification aims seriously.
Benjamin R. Young is an assistant professor of homeland security and emergency preparedness in the Wilder School of Government and Public Affairs at Virginia Commonwealth University. He is the author of the book Guns, Guerillas, and the Great Leader: North Korea and the Third World, and his writing has appeared in a range of media outlets and peer-reviewed scholarly journals. Follow him on Twitter @DubstepInDPRK.