While North Korean Missiles Sit in Storage, Their Hackers Go Rampant

Pyongyang’s hacker armies have shown a proficiency to finding vulnerabilities and exploiting them—and the world needs to be prepared.

Kim Jong Un watches intercontinental ballistic missile test-fire.
Kim Jong Un watches intercontinental ballistic missile test-fire.
North Korean leader Kim Jong Un inspects the test-fire of intercontinental ballistic missile Hwasong-14 at an undisclosed location on July 4, 2017. STR/AFP via Getty Images

They’ve stolen billions of dollars, according to the U.S. Department of Justice. They’ve paralyzed the United Kingdom’s National Health Service, according to the U.K. Foreign, Commonwealth, and Development Office. And they’ve apparently hacked India’s newest nuclear power plant to steal its designs.

They’ve stolen billions of dollars, according to the U.S. Department of Justice. They’ve paralyzed the United Kingdom’s National Health Service, according to the U.K. Foreign, Commonwealth, and Development Office. And they’ve apparently hacked India’s newest nuclear power plant to steal its designs.

North Korean hackers have gone from spying on and disrupting their South Korean adversaries to stealing large sums of money, robbing cutting-edge technology, and causing havoc. While senior U.S. and Japanese officials are meeting this week to discuss regional security—especially with a focus on North Korea’s missiles—many experts say Pyongyang’s hackers are potentially a bigger threat than the massive rockets North Korean leader Kim Jong Un parades around every year.

“When comparing hackers to missiles, I definitely think that these guys are a bigger threat,” Simon Choi told Foreign Policy. He founded and runs IssueMakersLab, a nonprofit that specializes in infiltrating and tracking North Korean hacker groups. “They’re ready to use [missiles], but they haven’t done it yet. But hacking, we see it happen every day, all around us,” he added.

His organization has logged the activities of several different hacker groups linked to different parts of North Korea’s government, including its army and intelligence services. The trend line is clear, Choi said: They’re becoming more active and more proficient. 

“They have been growing immensely recently. In the past, they used the same techniques that China and the United States have, based on open-source information. But recently, they’ve been showing progress in finding the weakness of the targets,” Choi said.

“Pyongyang developed advanced cyber warfare prowess surpassed by only a few nations.”

For example, North Koreans have recently found zero-day exploits in Google, which means they found a vulnerability and exploited it before it was discovered and fixed. 

The Lazarus Group, perhaps the most notorious North Korean state-backed group, posed as security researchers to infect users’ Chrome browsers.

“When it comes to that, finding vulnerabilities, [North Korea] can be one of the top three in the world,” Choi said.

Mike Pompeo, former U.S. secretary of state, said last year that North Korea is a bigger threat than Russia when it comes to cyberattacks, and its growth is reminiscent of previous developments coming out of Pyongyang.

Experts were initially dismissive of North Korea’s cyber capabilities, as they had been of the regime’s nuclear and missile programs,” said Bruce Klingner, a former CIA Korea deputy division chief who is now at the Heritage Foundation. “Pyongyang developed advanced cyberwarfare prowess surpassed by only a few nations. The regime improved its cyber programs to create a robust and global array of disruptive military, financial, and espionage capabilities,” he added.

North Korean hackers can’t do more damage than a nuclear weapon, of course. But the big difference is that Pyongyang can unleash its hackers, even in peacetime, while keeping its nuclear-tipped arsenal in wait. 

The difference is in usability,” said Benjamin Read, director of analysis and threat intelligence at the cybersecurity company Mandiant. Cyber capabilities, whether North Korean or Chinese, can help tip the balance of power even below the threshold of war.

In the meantime, Pyongyang has used cybercrime to secure hard currency for the heavily sanctioned country, and, according to CNN, a lot of that money is being siphoned into its weapons program. It’s not warfare—but it funds potential warfare. 

“There’s an argument to be made that this sort of cybertheft enables [nuclear weapons], and if you judge North Korea to be risk tolerant enough to be the most likely country to use those to hit the U.S., that calculus gets you to them being the biggest threat,” Read said.

North Korea’s propensity to use its hackers for crime stands in contrast to other U.S. adversaries.

North Korea’s propensity to use its hackers for crime—robbing banks and emptying cryptocurrency wallets, according to the U.S. Department of Justice—stands in contrast to other U.S. adversaries like Iran, Russia, and China. Iran used cyber capabilities to take aim at Saudi Arabia’s oil production, for instance. Russia has used cyber capabilities to unsettle states in its orbit, especially Georgia and the Baltic states. 

“Russia and Iran will do some destructive stuff but less crime,” Read said. “China has some overlaps with criminal groups but has not done as much cyber disruptive stuff. They certainly could, but they just haven’t.”

North Korea, in contrast, doesn’t seem to respect those boundaries. It launched several disruptive attacks against South Korea—including a huge theft of South Korean military secrets—and is believed to be responsible for the WannaCry ransomware attack that locked hundreds of thousands of people out of their computers and sent several U.K. hospitals offline in 2017. Pyongyang’s willingness to mix crime with state-directed cyberthreats makes it almost uniquely problematic.

“North Korea does not seem to respect many boundaries. They’ve been heavily into crime, but they historically have had no problem crossing that kind of dotted line,” Read said.

Morten Soendergaard Larsen is a freelance journalist based in Seoul who writes about geopolitics.

More from Foreign Policy

The USS Nimitz and Japan Maritime Self-Defense Force and South Korean Navy warships sail in formation during a joint naval exercise off the South Korean coast.
The USS Nimitz and Japan Maritime Self-Defense Force and South Korean Navy warships sail in formation during a joint naval exercise off the South Korean coast.

America Is a Heartbeat Away From a War It Could Lose

Global war is neither a theoretical contingency nor the fever dream of hawks and militarists.

A protester waves a Palestinian flag in front of the U.S. Capitol in Washington, during a demonstration calling for a ceasefire in Gaza. People sit and walk on the grass lawn in front of the protester and barricades.
A protester waves a Palestinian flag in front of the U.S. Capitol in Washington, during a demonstration calling for a ceasefire in Gaza. People sit and walk on the grass lawn in front of the protester and barricades.

The West’s Incoherent Critique of Israel’s Gaza Strategy

The reality of fighting Hamas in Gaza makes this war terrible one way or another.

Biden dressed in a dark blue suit walks with his head down past a row of alternating U.S. and Israeli flags.
Biden dressed in a dark blue suit walks with his head down past a row of alternating U.S. and Israeli flags.

Biden Owns the Israel-Palestine Conflict Now

In tying Washington to Israel’s war in Gaza, the U.S. president now shares responsibility for the broader conflict’s fate.

U.S. President Joe Biden is seen in profile as he greets Chinese President Xi Jinping with a handshake. Xi, a 70-year-old man in a dark blue suit, smiles as he takes the hand of Biden, an 80-year-old man who also wears a dark blue suit.
U.S. President Joe Biden is seen in profile as he greets Chinese President Xi Jinping with a handshake. Xi, a 70-year-old man in a dark blue suit, smiles as he takes the hand of Biden, an 80-year-old man who also wears a dark blue suit.

Taiwan’s Room to Maneuver Shrinks as Biden and Xi Meet

As the latest crisis in the straits wraps up, Taipei is on the back foot.