Cyber disruption and cybercrime: Democratic People’s Republic of Korea

In 2014, the world discovered that a North Korean hacker group had illegally accessed Sony Entertainment Pictures’ network, deleted content from several computers and leaked stolen information on the internet. In 2017, ransomware named WannaCry was found to have affected more than 200,000 computers across the world. This was also attributed to North Korean actors. On the face of things, North Korea appears to be disconnected from much of the internet. The reality is, however that it has extensive cyber capabilities. These capabilities are an additional tool in Pyongyang’s asymmetric strategy, a strategy derived from its development of nuclear weapons. North Korea has been developing its cyber capabilities in parallel to its nuclear weapons program. The latter has brought a great deal of international attention to North Korea but has also resulted in several rounds of international sanctions. However, the advantage to North Korea of the use of its cyber capabilities is that it may attract international attention but with a reduced risk of sanctions. Another important difference between the North Korean cyber and nuclear programs is that Pyongyang also uses its cyber capabilities for financial gain. Hacker groups associated with the North Korean government have targeted financial institutions and cryptocurrency exchanges to generate revenue for the regime.