North Korea’s nuclear and missile programs are all over the news globally, but the country also has one low-profile tactic designed to bring significant disruption to its adversaries: hacktivism.
A South Korean lawmaker revealed Monday that the regime’s hackers had hacked into South Korea’s military network and snatched a trove of the allies’ wartime operational plans, including a “decapitation strike” scheme against the North Korean leader Kim Jong-un.
The Pentagon stressed a day later the classified scheme remains secure, though it declined to confirm whether there was a breach. However, concern continues to grow over the regime’s evolving hacking technology and cyberwarfare capabilities.
“There is cyberwarfare occurring between South Korea and North Korea every hour, every day,” said Rep. Rhee Chul-hee of the ruling Democratic Party, who revealed the hacking incident, in an interview with local broadcaster CBS on Wednesday.
According to the April report by the Korean Institute for National Unification, North Korea has been operating a total of 7,700 professional hackers, including those belonging to seven hacking organizations under the regime’s ruling Workers’ Party and Korean People’s Army.
South Korea’s Unification Ministry has witnessed 4,000 hacking attempts over the past five years, with about 40 percent of them originating from China, which are suspected to be linked to North Korean hackers, said Rep. Park Joo-sun, a lawmaker of the People’s Party.
Seoul’s central bank might have been targeted as well, lawmaker Rep. Shim Jae-cheol claimed, citing data that showed the Bank of Korea has seen an “unusual surge” in cyberattacks this year. Compared to 38 cyberattacks in 2015 and 44 in 2016, the number of hacking attacks this year stood at 116 in August.
“With military tension reaching its peak following North Korea’s nuclear and missile tests, North Korea would have conducted a series of cyberattacks targeting South Korea’s central bank and financial institutions,” Shim said.
In recent years, North Korea has shifted its focus in cyberattacks. Not only has the North attempted to snatch classified military or government data to bring social disruption, it appeared to focus more on raising foreign currency under the chokehold of economic sanctions.
A hacking group with ties to North Korea, Lazarus, was suspected of being linked to an $81 million cyber heist at the Bangladesh central bank in February 2016. The money was fraudulently transferred out of the bank’s account at the New York Federal Reserve and moved to Sri Lanka and the Philippines.
The communist regime has even appeared to rely on digital currency – such as Bitcoin — as a means of evading tightening sanctions.
South Korea’s National Police Agency confirmed last month that North Korean hackers had sought to steal bitcoins from cryptocurrency exchanges here. Though the attempt was unsuccessful, the hackers targeted 25 South Korean employees at four different exchanges.
“Bitcoin and cryptocurrency mining or activity involving cryptocurrency is a way for North Korea to generate funds and get around some of the sanctions,” Priscilla Moriuchi, a director from Recorded Future, an intelligence research firm, said in an interview with Voice of America.
“What we have come to know over time is that they are sophisticated actors. They do have an in-depth understanding of internet networks and communication.”
Last month, Korean National Police arrested a group of South Korean and Chinese people for working with North Korean hackers to steal bank card information by hacking into automated teller machines. The arrested group then used it to withdraw cash.