The North Korean regime has conducted a record-shattering number of missile tests this year, and the regime’s growing aggression in cyberspace is becoming a dangerous and evolving threat to many countries around the world. North Korea has been using cyber operations to spy on the U.S. and South Korea since at least 2004, and it is estimated that by 2021, the North had conducted as many as 300 times more cyber-attacks than it had in 2004. As data suggest, Pyongyang has launched cyber operations much more frequently than missile or nuclear tests to target its adversaries. And with Pyongyang’s closing of its borders during the Covid-19 pandemic, the regime ratcheted up its cyber operations. In 2021, the Director of National Intelligence (DNI) said North Korean cyber-attacks have stolen vast sums of money from financial institutions around the world as well as millions of dollars worth of cryptocurrency to fund the country’s nuclear and missile programs.
Deputy National Security Advisor for Cyber & Emerging Technology on the National Security Council Anne Neuberger recently stated that North Korea funds about one-third of its missile and nuclear programs from cryptocurrency theft as well as the illicit activities of North Korean tech workers dispatched overseas. Cryptocurrency theft has arguably become one of the regime’s essential sources of revenue; while the country’s annual coal exports generate slightly more than $400 million, North Korean hackers have stolen $316.4 million worth of cryptocurrency from 30 countries using a malware known as “AppleJeus” since 2018.
In early April this year, a panel of experts at the United Nations Security Council Sanctions Committee on North Korea reported that between 2020 and mid-2021, North Korean cyber-attackers stole more than $50 million in digital assets from at least three cryptocurrency exchanges in North America, Europe and Asia. On October 18, 2022, U.S. Homeland Security Secretary Alejandro Mayorkas said in the last two years alone, North Korea has largely funded its weapons of mass destruction programs through cyber heists of cryptocurrencies and hard currencies totaling more than $1 billion. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) refers to malicious cyber activity by the North Korean government as “Hidden Cobra,” and the fact that the U.S. refers to Pyongyang’s cyber attacks targeting media, aviation, financial institutions, and major infrastructure around the world with a specific label shows the gravity of this issue in Washington’s wide-ranging efforts to combat cyber operations.
As shown by the latest comments from the United Nations and U.S. government officials, forging an aggressive international response to North Korea’s cyber aggression is a critical matter that goes beyond the cyber sphere; a strong joint action could play a significant role in deterring the regime’s nuclear and missile provocations. For this reason, various U.S. government agencies including the FBI, CISA, the U.S. Department of Homeland Security, and the U.S. Department of the Treasury are making ceaseless efforts to provide information on North Korean cyber attacks, and the Department of State’s Bureau of Cyberspace and Digital Policy (CDP) established in April 2022 offers special training program on dealing with North Korean malware to U.S. allies and partner countries.
This paper was published by IFANS. IFANS retains the copyright to this paper and invites readers to share and cite the work with attribution to both the author(s) and IFANS