Cash-strapped North Korea Believed to be Stepping up Cyberthefts

REUTERS/Kim Hong-Ji/Pool/File Photo
A North Korean flag flutters at the propaganda village of Gijungdong in North Korea, on July 19, 2022.

SEOUL — North Korea is suspected to have launched an average of 1.5 million cyber-attacks per day last year against the South Korean public sector, such as financial and infrastructure systems, according to sources close to the South Korean government.

The number of strikes has increased dramatically compared to that of four years ago, and many were performed in attempts to steal money, the sources said.

As Pyongyang is believed to be suffering a shortage of foreign currency due to border closures, which are one measure in place to protect against the coronavirus pandemic, and prolonged economic sanctions imposed on the country, some South Korean experts say the attacks were carried out to offset financial difficulties.

Cyber-attacks made on the public sector numbered an average of 410,000 per day in 2016, but the figure increased about fourfold to 1.62 million in 2020, according to a report by South Korea’s National Intelligence Service submitted to the national assembly in November. About 40% of the forays were hacks, in attempts to attack financial institutions and to steal crypto-assets or virtual currencies.

According to the sources, 90% to 95% of the cyber-attacks targeting the country in 2020 — or an average of 1.5 million attacks per day — are believed to have been launched by North Korea. Most were made after being routed through other countries.

North Korea in the past executed cyber-attacks to steal information or crash infrastructure systems. However, the main purpose has shifted to stealing money in recent years.

Pyongyang is suspected to have been involved in a case involving Bangladesh Bank in which about $80 million (about ¥8.4 billion) was stolen in 2016. North Korea is also accused of being behind the WannaCry computer virus in 2017 that demanded banks around the world, including Japanese and U.S. institutions, pay ransoms.

The U.S. Federal Bureau of Investigation issued a warning in August 2020 that a group of hackers affiliated with the Reconnaissance General Bureau, North Korea’s foreign intelligence service, has resumed cyber-attacks against financial institutions in various countries since February last year.

According to a report by Slovak cybersecurity firm ESET, released in November 2020, another group of North Korean hackers has launched a new round of attacks exploiting South Korean security software programs.

The offensives are believed to reflect North Korea’s attempts to step up theft attacks as the country suffers financially amid the pandemic.

“North Korea is currently in a situation in which it can obtain foreign currency only through illegal means such as hacking,” said Korea University’s Prof. Yoo Ho-yeol, who specializes in North Korean studies. “Kim Jong Un’s regime is building up its cyberforces and is likely to continue attacks for monetary purposes.”