The National Institute for Unification Education (NIU), which falls under the Ministry of Unification and oversees unified education in both South and North Korea, released a publication titled ‘2024 Understanding North Korea’ on Monday.
The NIU has been releasing this publication annually since 1974 and distribute it to educational institutions. However, this is the first time that an issue describes cyber threats emanating from North Korea through a separate category.
According to the report, North Korean dictator Kim Jong Un regards cyberattacks highly, ranking them alongside nuclear weapons as a top-three most effective tool of war. A likely reason for this is that cyberattacks are low-cost, difficult to trace, and capable both of generating significant revenue and causing extensive damage. Since the early 2000s, North Korea has utilized this tool vigorously, deploying the government’s estimated 6,800 hackers in continual attempts to steal South Korea’s confidential data and disable its computer networks.
In 1986, North Korea founded the Kim Il Sung Military University, dedicated to training soldiers in the techniques of cyberwarfare. In 2009, North Korea further strengthened its cyberattack capabilities by establishing the Reconnaissance General Bureau (RGB). The RGB manages North Korea’s hacking operations, overseeing groups like Lazarus, Kimsuky, and Andariel—all of which are cyberthreat operations that are directly traceable to the DPRK.
Initially, North Korea’s primary method of hacking involved disrupting computer networks through techniques like Distributed Denial of Service attacks (DDoS). Over time, they have refined their techniques and broadened their focus to include the hacking of financial networks, which have included banks, payment processors and other financial service providers. More recently, they have targeted cryptocurrency exchanges in order to steal digital assets.
These cyberattacks span across South Korea, targeting global entities including governments, national infrastructure, IT companies, and digital financial systems. According to a United Nations Security Council report from March 2024, North Korea derives 50% of its foreign income from cyberattacks. The country reportedly allocates 40% of this income to finance its nuclear weapons development program. Additionally, the report highlighted that in 2023 alone, North Korea stole $750 million in cryptocurrencies through hacking and cyberattack operations.
In response, the South Korean government, in collaboration with the United States, issued a ‘Joint Cybersecurity Advisory’ in February 2023 to counter cyberthreats emanating out of North Korea. Furthermore, South Korea issued standalone sanctions on North Korea-linked hackers last year.
“South Korea has imposed arms restrictions, trade limitations, and economic sanctions on North Korea,” said the NIU spokesperson. “Nevertheless, North Korea persists in seeking to acquire information through cyberattacks and hacking operations. We issued this year’s publication to raise awareness of this.”
Related article: Expert warns North Korean hacking techniques continue to evolve
A cybersecurity expert has warned that North Korean cyberattack techniques have evolved significantly since a DDoS attack in 2009, posing an increasingly serious global threat.
On Wednesday, Mun Chong-hyun, director of the Genians Security Center, discussed the evolution of the North Korean cyber threat at a seminar in Seoul, South Korea, which focused on North Korean hacking realities and countermeasures.
According to a report by the National Intelligence Service (NIS), public institutions in South Korea faced an average of 1.62 million cyberattacks daily in 2023. Mun emphasized that approximately 80 percent of these attacks originated from North Korea.
The North Korean Reconnaissance General Bureau, responsible for military intelligence and espionage, was established in February 2009. The Bureau leads cyberattacks against South Korea, engaging in activities like cyberterrorism and hacker training. READ MORE