통일과나눔 아카이브 8000만

The Evolution of North Korean Cyber Threats

Details
Authors: 김종우, Carolina Polito
Affiliation and title: Senior Fellow (The Asan Institute for Policy Studies), University of Bologna
Publisher: The Asan Institute for Policy Studies
Journal: Issue Brief
Volume and issue: 2019(8)
Page range: 1-12
Publication date: 2019
Keywords: #Cyber Threat   #DDoS   #한보   #Korean Peninsula   #North Korea   #김종우   #Carolina Polito
Abstract
In North Korea, only a few people are allowed access to Kwangmyong, the national intranet service, as global internet access is restricted to a group of selected people, and the country has one of the weakest internet infrastructures in the world. Nonetheless, North Korea is a formidable cyber power, standing alongside major players like the United States, China, Russia, the United Kingdom, Israel and Iran. North Korea has been increasing resources to enhance and expand its cyber capabilities, as testified by the intensification of the regime-sponsored attacks that the world has witnessed in the last 10 years. Amongst the most blatant offensive cyber-attacks allegedly linked to hacker groups close to North Korea are the Sony Pictures attack, the WannaCry attack, and the DarkSeoul attack, despite the North’s constant denial of any involvement with these attacks or the resulting damage. North Korea’s cyber army consists of approximately 7,000 hackers, performing a wide range of activities including theft, distributed denial of service (DDoS), espionage and sabotage. These types of operations have proved to be very useful as part of North Korea’s asymmetric strategy towards the ROK-U.S. Combined Forces Command. Cyber operations are low-cost and low-risk, allowing North Korea to counter countries which have highly computer-dependent infrastructure, with little fear of retaliation. Due to their low intensity, these attacks often lie beneath the threshold of an armed attack, reducing the risk of escalating the conflict to an unaffordable level. Pyongyang has consistently been using cyber-attacks in line with its political and strategic agenda. These attacks have been instrumental in supporting its espionage strategy, retaliating against competitors and sustaining its economy through financial thefts. There is no reason to doubt that cyber operations will continue to be an integral part of the regime’s national strategy. Hence, they should be amenable to analysis as any other offensive behavior in the kinetic field.
The wide variation of the regime’s activity throughout the years has often been perceived as chaotic, making the analysis of North Korean actions in cyberspace difficult. Therefore, a broad and general evaluation of the scope of the attacks would be helpful to give meaning to this apparent randomness. This paper aims to ascertain how North Korea’s cyber operations against South Korea have evolved in the period between 2009 and 2018. By understanding its behavior so far, we can strengthen our strategies for the future. Broadly, two main shifts in Pyongyang’s cyber operations are observed: (1) an increase in cyber-attacks aimed at financial gain, (2) a decrease in the visibility of cyber operations aimed at espionage and information gathering. One can only speculate as to the reasons behind the shifts. It could be that Pyongyang has shifted its target, thus concentrating more of its efforts on hacking financial institutions in order to reduce the impact of international sanctions. North Korea could also have improved its deception capabilities, making it more challenging for South Korea to detect its espionage activities. This means that both types of activities are being carried out. It appears that North Korea’s interest in demonstrating its cyber capabilities through blatant cyber-attacks has diminished, and over the years, its attacks have become increasingly subtle and sophisticated.
Given the changing nature of cyber-attacks, it is possible to outline three different strategic goals: at first, the main strategic goal was to cause disruption with Distributed Denial of Service (DDoS), then it turned to espionage and finally to financial gain. This classification can be subject to variations in minor attacks but it helps to clarify the general trends in the time frame considered. Also, it must be borne in mind that North Korea has always denied its involvement in cyber-attacks and proving its guilt conclusively can be very challenging. However, there are usually some indicators that point the finger at North Korea.
Table of Contents
Introduction
The Distributed Denial of Services (DDoS) Attacks
The Espionage Attacks
The Financial Gain Attacks
No Shift in North Korea’s Cyber Strategy
Conclusions