North Korea’s nuclear weapon adventures make regular headlines on news channels, and to fund these nuclear tests the country deploys covert cyber hackings. The nation has a history of criminal activities, be it counterfeiting US $100 Federal Reserve notes and passing them off in various countries, or becoming the single largest producer of methamphetamine (a highly addictive drug). North Korea’s development of a cyber army, in its attempt to keep an eye on its potential enemies and to establish its hegemony in the upcoming cyber world, is an alarming situation for all other democratic countries. Facing heavy trade sanctions for its inhuman activities, North Korea’s regime seeks alternative methods to secure foreign capital. Factors like COVID-19 hitting the economy and all-time-low trade relations with other countries, particularly China, force it to commit such nefarious activities.

As per reports from the blockchain analysis company Chainalysis, North Korea has stolen almost $400 million of digital assets by attacking cryptocurrency platforms. The findings further reported that the frequency of attacks escalated from 4 to 7 times and the value extracted from these attacks grew by 40%.

There are between 6000 and 7500 cyber warriors divided into four units to carry out cyber-terrorism against state infrastructure and financial services, and to hijack the latest defense technologies inspired by China’s cyber warfare. The cyber warriors set up their first unit in 1993.

The attacks help them gather large amounts of money with less reputational risk. The other motivating factor behind such attacks is to wage cyber warfare against enemy nations: initially, they targeted South Korea to undermine its overall economy.

Dedicated office in North Korea

Bureau 121, formed in 1998, is a secret cyber attack group for stealing confidential information from overseas nations. As per media reports, they operate from Shenyang, China, and many members of the group are teenagers. As per the defector Jang Se-Yul, more than 1800 members are operating from different parts of the world. They are highly trained and rewarded military officials, and their main targets are the USA, South Korea, and Japan.

Bureau 39, also known as ‘Cash for Kim’, is a secret agency that manages finances for the top leaders of North Korea, and also finances nuclear weapons. They are involved in multiple illegal activities like counterfeiting foreign currency, slave trades (human trafficking), and the illegal selling of drugs and arms. Earnings from these activities are used to train hackers and to provide them with the essential tools for hacking.

History of major attacks by North Korea

The 2014 attack on the Sony network under the name ‘Guardians of Peace’ was one of the major cyber-attacks carried out against any organization. Its aim was to obstruct the release of the comedy movie ‘The Interview’, based on an assassination attempt on North Korea’s leader Kim Jong Un.

In 2016, hackers from North Korea tried to rob $1 billion from Bangladesh National Bank using the SWIFT banking system, but the bank was saved by a timely intervention from the authorities.

A group of hackers called ‘Lazarus’ carried out a heist of $275 million on the cryptocurrency exchange ‘KuCoin’ based in Singapore.

On 4th August 2022, there was an attack on a software supplier named Advanced Software Group, which was working with government agencies. A ransomware attack on the National Health Service (NHS) across the United Kingdom was carried out, and it tried to steal patients’ details and other pertinent data.

In December 2022, Daniel DePetris, a US-based foreign analyst, received an email asking him to give his thoughts on North Korea’s security issues. When he inquired deeply about the emails, he found that the mail was sent by a spy who wanted to target the analyst and had disguised himself as the director of the ‘38 North’ think tank. “I realized it wasn’t legit once I contacted the person with follow-up questions and found out there was, in fact, no request that was made, and that this person was also a target,” DePetris told Reuters. Experts in this field said that the hackers tried to find other countries’ approaches and policies towards North Korea and mainly wished to know where Western policy is headed on North Korea.

China’s Assistance 

China helps North Korean hackers to launder the stolen money back to their country by helping them evade the economic sanctions. There is also support in the form of Chinese cyber infrastructure and training for the hackers. Some experts suggest that internet conditions in Pyongyang are very poor and that the hackers operate from Chinese regions, especially border cities such as Dandong. Some reports also present evidence that the famous hacker group Lazarus was trained by China’s cyber warfare department.

China helps North Korea’s Bureau 121 officials by giving them shelter in its country’s territory, and by providing them with all the basic facilities required for cybercrime (as per media reports).

China and North Korea have a student exchange programme, which eventually becomes the training ground for potential cyber hackers.

China’s Involvement in Cyberattacks 

The Naikon APT (Advanced Persistent Threat) group, backed by the Chinese People’s Liberation Army Unit 78020, is involved in operations against national governments in the Asia-Pacific region. After the report published by ‘ThreatConnect’ and ‘Defense Group Inc.’, the activities of the group decreased drastically. Speculation is that they have either gone silent or changed their modus operandi. However, in 2020, Check Point Software Technologies’ threat intelligence arm revealed that the APT had many Asia-Pacific countries on its radar, and that the cyber attacks on the Western Australian government were planned using the backdoor named ‘Aria-body’.

Their victims are mainly government agencies, which include the Foreign Ministry and the Ministry of Science and Technology, and civil and military organizations in countries such as the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myanmar, Singapore, Nepal, Thailand, and Laos.

By stealing confidential data of different government units, the ‘threat actors’ used to create mistrust between the different ministries. Their main aim is to gather geo-political intelligence.

China’s persistent use of cyber technology for unlawful activities has attracted North Korea towards it as its favorite teacher.

China Working at the Periphery 

There is no concrete evidence of a joint cyber attack by China and North Korea as of now. China mainly works on the periphery and North Korea operates from the center. Their confluence can also be substantiated by the fact that there has not been a single cyber attack on China from North Korea to date (however, Beijing has accused the US of cyber attacks for stealing sensitive data). North Korea has also attacked all other nations except China.

India – Digital Threats

As per the recent report of the Panama-based virtual private network ‘NordVPN’, Indian users’ data is the most commonly seen in cybercrime markets. The recent cyber attack on AIIMS Delhi, which officials argued originated in China, may have some North Korean connection as well. With the rise of digital use, vulnerability to such attacks will increase, and there needs to be a robust mechanism to minimize such illegal attacks.