If you think that it is only Chinese infiltrators roaming across the West, including on our very shores, then think again. For all the ever-expanding scope of ballistic missiles, frigates, and drones in North Korea’s arsenal, the hermit kingdom has been adding another body of weaponry to its toolkit: cyberwarfare capabilities.
It is yet another example of the North Korean regime denying its people one thing but providing its confidantes with another. Whilst the North Korean people are forbidden from accessing the worldwide web, the Kim regime has long been cultivating a network of state-sponsored computer scientists and hackers to fulfil one of the country’s core goals, namely, making money to fund its nuclear programme.
Between 3,000 and 10,000 North Korean information technology workers are based abroad (with the majority in Russia, China, and Southeast Asia, such as Laos); a further 1,000 remain within North Korea. These workers have gained notoriety for using stolen or fabricated identities – often multiple – in claiming to be Western software engineers seeking employment in Western firms. In reality, they seek to access and disrupt a company’s systems (and, if they are lucky, gain access to international financial systems) and reap the financial rewards. In December 2024, a federal court in St. Louis, Missouri, indicted fourteen North Korean nationals working for companies in China and Russia for extorting funds from US firms over a six-year period. The income they generated amounted to a not insignificant sum of $88 million (£66 million).
Many of these North Korean workers collaborate with facilitators in host countries, who knowingly provide them with remote access to the networks of overseas companies. The actions of one such facilitator in the United States, who stole more than 60 identities between 2020 and 2023, led to the North Koreans earning nearly $7 million (£5.3 million) in revenue. At the same time, many other North Korean ‘workers’ are hired inadvertently, albeit legally, by overseas firms, with no idea about these individuals’ true identities. The fact that thousands of North Koreans have been employed by Fortune 500 companies is a damning testament to the success of Pyongyang’s operations.
As with any other type of North Korean earning money overseas – whether construction worker or footballer – the vast majority of their earnings will be sent back to the Kim regime’s coffers in Pyongyang. After all, this is the ultimate reason why the regime sends North Korean workers abroad. A UN Panel of Experts report from 2024 deemed the North Korean regime to earn around $500 million (£380 million) per year from its overseas workers.
Now that this panel has ceased to exist – thanks to Russia’s veto on extending its mandate in March 2024 – the sums that will be heading in the Kim regime’s direction look like they will only increase. It is then no surprise that nearly 50 per cent – if not more – of North Korea’s weapons of mass destruction programme is funded from illicit cyber activities. The rise of cryptocurrency has only offered yet another realm for Pyongyang to exploit. In March this year, North Korean hackers stole a gargantuan $1.5 billion (£1.2 billion) in cryptocurrency from the Dubai-based firm ByBit, in what was the largest cryptocurrency heist in history.
In addition to stealing the identities of US software developers, North Korean cyber criminals have also gained a penchant for impersonating academics, journalists, and foreign embassy staff as part of concerted spear phishing campaigns. The logic of these criminals is simple: first, pretend to be a South Korean academic, journalist, or government official – often one who exists; next, e-mail a Western target, such as an academic or journalist, to ask them to review an article or answer questions about Korea-related issues. Having established a rapport through regular communication, the social engineers then send any relevant ‘documents’ to review, which can only be accessed through clicking malicious links or attachments.
Here, it is a win-win for the North Korean identity thieves. Not only do they gain information from their Western adversaries about how other states view North Korea – information which can be transferred to the ruling regime – but phishers may even be courteous enough to thank the recipient for their time by compensating them financially. And once the recipient has entered their bank details, the rest is history.
For a country that has long been seen as technologically backward, its state-sanctioned cyber soldiers are anything but. Their sophistication does not look likely to plateau anytime soon, a bleak fact that also applies to the country’s nuclear and missile capabilities. This is a country that has no desire either to improve its criminal human rights record or abandon its nuclear weapons, the latter of which it continues to fund through these lucrative acts of cyberwarfare. We must, therefore, resist the delusional calls by so-called ‘peace activists’ for a treaty between the two Koreas, as doing so would give the Kim regime a carte blanche to continue its bad behaviour across all realms and move us even further away from addressing the North Korea problem.
Why would anyone think that now is the right time for a ‘peace treaty’ between the North and South, the latter of which has long been a victim of Pyongyang’s cyberwarfare? Cries for such an agreement are merely a chimera by those who bear no shame in collaborating with the North Korean regime under the euphemism of ‘engagement’. And as history tells us, siding with the enemy never ends well.