The DPRK Threat Brief
This special report investigates the capabilities and intent of North Korea (officially the Democratic People’s Republic of Korea or DPRK), with a special focus on the cyber domain. Our objective: to provide insights that are actionable for business and government leaders seeking to mitigate risks through informed decisions.
North Korea describes itself as a “self-reliant socialist state,” but it is more accurately described and understood as a Stalinist dictatorship. Leader Kim Jong-un, like his father Kim Jong-il and grandfather Kim Il-sung, holds ultimate power and dominates government functions through a mix of violence, rewards, and intense propaganda. A common misperception about the DPRK is that its relative poverty and lack of widespread modernization prevent it from mounting a modern cyberwar. Its policy of Songun (“military first”), however, means that cyberwar capabilities receive priority funding.
According to the US Intelligence Community, North Korea “poses a significant cyber threat to financial institutions, remains a cyber espionage threat, and retains the ability to conduct disruptive cyber attacks.” It also retains its nuclear arsenal, although the increased threat of its additional warheads has been balanced to some extent by the termination of its testing operations. Its traditional military capabilities threaten political and business entities in South Korea, while its sanctions avoidance efforts pose unique risks to both the U.S. government and businesses.
Overall, we assess that North Korea is a significant global cyber threat, an important source of regional political and diplomatic risk, and a less significant but still important kinetic threat to U.S. allies South Korea and Japan.
North Korea will be among the most volatile and confrontational WMD threats to the United States in 2019. North Korea’s history of exporting ballistic missile technology to several countries, including Iran and Syria, and its assistance during Syria’s construction of a nuclear reactor (destroyed in 2007) illustrate its willingness to proliferate dangerous technologies.
Pyongyang has prioritized developing a long-range, nuclear-armed missile capable of posing a direct threat to the United States. In 2016-2017, North Korea conducted a large number of ballistic missile tests, including its first ICBM tests. More recently, it has avoided missile tests for over a year, publicly dismantled some facilities at nuclear test sites, and announced its support for a denuclearized Korean peninsula. However, it does not appear willing to offer, in exchange for this denuclearization, realistic concessions that its neighbors and the U.S. would consider. Pyongyang’s commitment to nuclear weapons and ICBMs, emphasized in its constitution and elsewhere, suggests that the regime does not intend to negotiate them away. The country maintains a slowly growing stockpile (on the order of 5-20 warheads), production capabilities, and delivery capabilities.
We assess that North Korea has a longstanding Biological Weapons (BW) capability and biotechnology infrastructure that could support a BW program. We also assess that North Korea has a Chemical Weapons program and probably could employ these agents by modifying conventional munitions or with unconventional, targeted methods.
Ongoing, modest improvements to North Korea’s conventional capabilities also pose a regional threat to South Korea and Japan. Despite the North Korean military’s many internal challenges and shortcomings, Kim Jong-un continues to expand the regime’s conventional strike options with improved training, artillery upgrades, and close-range ballistic missiles that allow it to strike regional U.S. and allied targets with little warning.
DPRK Geopolitical Objectives and Actions
North Korea’s WMDs, public threats, defiance of the international community, confrontational military posturing, cyber activities, and potential for internal instability pose a complex and increasing threat to U.S. national security and interests. With priorities centered on remaining in power and preserving the dynasty and its accompanying system, the country will work to maintain every possible military edge, compromising only in extreme cases of economic need. Its ability to mitigate the impact of U.S. sanctions and its relations with China will therefore play a key role in future changes.
The DPRK Cyber Threat
The US Intelligence Community’s annual threat assessment considers DPRK one of the four greatest cyber threats to the United States, with the others being China, Russia, and Iran.
The leading cyber risk from North Korea comes from its continued use of cyber operations to raise funds. Cyber operations are also used to gather political and military intelligence, positioning the country for powerful cyber attacks against South Korea and the United States. Pyongyang has a number of techniques and tools it can use to achieve a wide range of offensive effects with little or no warning, including distributed denial of service attacks, data deletion, and ransomware.
DPRK figured prominently in the report of the Cyberspace Solarium Commission. The Commission described the cyber threat from DPRK in this way:
North Korea views cyber operations as a tool of coercion and source of illicit financing via cyber criminal activities. North Korean front companies operating abroad provide opportunities for North Korea to expand the scope and reach of its operations, despite the limited connectivity at home. From these safe havens, North Korean cyber operators probe the networks of the United States and its allies, seeking to steal military plans, technology, and weapon system information while identifying vulnerabilities in critical infrastructure for Pyongyang to exploit in a future crisis. When dissidents or foreign companies oppose the regime, North Korean operators retaliate online.
The regime extracts illicit gains from the modern global economy by conducting attacks against systems critical to financial institutions’ wire transfers. These operations give North Korean leadership a funding lifeline in the face of otherwise crippling economic sanctions. Left unchallenged, North Korea will only grow bolder, complicating diplomatic efforts to check its nuclear ambitions.
Without a new U.S. strategic approach, revisionist regional powers will seek new opportunities to use increasingly powerful yet inexpensive cyber operations to undermine U.S. economic, diplomatic, and military power. They will challenge the U.S.-led system of alliances designed to limit major wars and use the resulting chaos to ensure the safety of corrupt elites.
There are several examples of these North Korean cyber attacks:
- 2014: North Korea conducts destructive attack against U.S.-based Sony Pictures Entertainment.
- 2015: North Korean–linked groups use 5,986 phishing emails containing malicious code to gain access to noncritical systems at a South Korean nuclear power plant.
- 2016: North Korean groups are linked to an estimated $81 million cyber heist of Bangladesh’s central bank account at the Federal Reserve Bank of New York.
- 2017: North Korea launches the WannaCry ransomware attack that infects over 300,000 computers in 150 countries; its effects include temporarily knocking some U.K. hospitals offline.
- 2019: A UN report concludes that North Korea used cyberattacks against financial institutions and cryptocurrency exchanges to steal an estimated $2 billion it used to fund its weapons of mass destruction program.
- 2020-2023: Extensive reporting on DPRK use of cryptocurrency fraud and cyber crime to fund weapons programs.
Economic and Industrial Espionage Threat against the US and US Companies
The DPRK maintains well-funded cyber espionage activities, used mostly to generate funds, and will continue to target sensitive U.S. economic information and technologies through cyberspace. These activities have grown in complexity and could expand to include the theft and resale of sensitive technologies and secrets.
Businesses in the U.S. will come under attack from DPRK cyber operators seeking to gain useful information or to find ways to steal resources. U.S. businesses operating in South Korea are likely to be targets of financial theft as well as political espionage.
Raise your defenses against cybercrime. Businesses can implement many best practices to protect against cyber attacks and information theft, and most of them are low cost. Kick-start your actions with our list of best practices, available at Best Practices and Lessons Learned From Years In The Cyber Fight.
Businesses with operations in or relations with South Korea should assess how their business could be perceived by North Korean hackers, and whether specific elements are at an increased risk of attack for political, espionage, and/or financial reasons.
For more on the growing threat that DPRK poses to space systems, see our special report: The Challenges of Security of Space Systems.
For other special reports and country studies see the OODA Network Resources page.