Flashpoints | Security | East Asia

Why Is North Korea So Good at Cybercrime? 

North Korea is committed to advancing its cyber capabilities, and it shows in the results.

Why Is North Korea So Good at Cybercrime? 
Credit: Illustration by Catherine Putz

Despite U.S. and U.N. sanctions designed to stop the illicit financing of nuclear weapons, North Korea continues to baffle the world with its unprecedented success in sanctions evasions and cybercrime. As countries scramble to find consensus on cybersecurity protocols, North Korea has moved quickly to expand its cyber capabilities both at home and abroad. This signals to U.S. policymakers that as sanctions tighten in other areas, North Korea continues to exploit the vulnerabilities in cybersecurity to acquire funds for its dangerous nuclear weapons development program.

The cyber market’s size and lack of legal safeguards is a major attraction for North Korean financial crime as the country’s cyber operations are low-risk and low-cost, with potentially high gains. According to Nam Jae-joon, former director of South Korea’s National Intelligence Service, Kim Jong Un himself equated the importance of developing cyber capabilities to that of nuclear power, claiming that “cyber warfare, along with nuclear weapons and missiles, is an ‘all-purpose sword’ that guarantees our [North Korea’s] military’s capability to strike relentlessly.” 

In May 2020, the North Korean regime allegedly recruited at least 100 of its highest performing graduates from top science and technology universities into its military to manage its tactical planning systems. Mirim College, also known as the University of Automation, graduates approximately 100 hackers every year. According to defector testimony, Mirim College students learn to dissect Microsoft Windows operating systems, create destructive computer viruses, and code in various computer programming languages. Its specific emphasis on Microsoft Windows could possibly explain the infamous North Korean-led 2017 WannaCry ransomware cyberattack, which compromised over 300,000 computers in 150 countries by targeting vulnerabilities in the Microsoft Windows operating system.

Most recently, North Korean state media confirmed the establishment of a new science and technology university, possibly related to the country’s cyberwarfare and weapons development program, during its October 10 military parade. This indicates a national investment of government funds to ensure greater civil-military fusion, which would threaten not only regional stability on the Korean peninsula, but international security as a whole.

North Korea isn’t going at this alone. According to a U.S. Army report, North Korea currently commands an estimated 6,000 cyber agents through four intelligence organizations scattered across the globe – one being the infamous Lazarus Group responsible for several major cyberattacks, including the 2017 WannaCry ransomware attack. China, in particular, has the potential to do even more to support North Korean illicit cyber activity through training and academic instruction. North Korean students often study abroad at top Chinese science and technology universities such as the Harbin Institute of Technology (HIT) where they have access to advanced technology and equipment otherwise inaccessible in North Korea due to U.S. and U.N. sanctions.

Enjoying this article? Click here to subscribe for full access. Just $5 a month.

The Chinese government continues to pursue official academic partnerships with military-affiliated North Korean universities, which may be a stepping stone for future cyberattacks. In November 2019, the Chinese Ministry of Education and the North Korean Chairman of the Education Commission jointly signed the China-North Korea Education and Cooperation Agreement (2020–2030) to reinforce academic partnerships and postgraduate exchanges.

This collaborative government effort to increase foreign exchange and higher education training programs could potentially lead to elevated illicit activity, including cybercrime, given the nature of these science and technology universities. Similar to concerns regarding Chinese universities like the HIT educating future North Korean nuclear scientists, academic institutions could realistically provide ample opportunity for present and future North Korean cyber agents to obtain the necessary skills and knowledge to conduct high-level cyberattacks against the United States and its allies. Kim Heung-kwang, a North Korean defector who taught computer science for 20 years at Hamheung Computer Technology University, said he trained many of the country’s first cyber agents before they left for overseas training in China.

The U.S. government continues to uncover new and dangerous North Korean cyber threat groups, which pose serious concerns for international security and U.S. national interests. Even during a pandemic, North Korea will leverage its cyber prowess alongside China and Russia as it reportedly attempted to hack and steal funds from pharmaceutical companies researching COVID-19 vaccines and foreign countries’ national COVID-19 relief funds.

However, all is not lost for the United States and its allies. The U.S. Department of Justice can require cybersecurity audits for U.S. banks and financial institutions as part of deferred prosecution agreements to encourage compliance with basic cybersecurity protocols described by the Cybersecurity and Infrastructure Security Agency (CISA) and Financial Action Task Force (FATF). Beyond strengthening cybersecurity protocols and information sharing between financial institutions, the United States government can coordinate with its allies to conduct in-depth research on the whereabouts of overseas North Korean cyber centers. Businesses, hotels, and universities can all act as fronts for malicious North Korean-sponsored cyber activity.

Despite being considered secondary to China and Russia as a cyber threat, North Korea is committed to advancing its cyber capabilities and narrowing the cyber threat gap with China and Russia. The United States has the opportunity to gain from joint coordination with allied nations to protect shared global interests and international security. Shielding against pending cyberattacks is crucial, but preventing the training and dispatch of cyber agents is equally important in limiting the breadth of North Korea’s cyber-enabled financial crime.

Jason Bartlett is a research assistant in the Energy, Economics, and Security Program at the Center for a New American Security (CNAS).