Convergence of Interests and Tradecraft with Cybercriminals North Korea’s financial motivation distinguishes its behavior in cyberspace from that of other states, which tend to focus more on traditional pursuits like espionage and sabotage. To be sure, North Korea engages in those kinds of activities, too. In March 2013, its DarkSeoul malware took down the networks of three prominent South Korean banks and two major broadcasters. In 2016, North Korean actors stole digital reams of classified U.S.-South Korean military documents, including plans to “decapitate” the North Korean leadership in the event of war.54 Yet North Korea’s predilection for criminality sets it apart from cyber peers. Priscilla Moriuchi, a fellow at the While plenty of other Belfer Center, remarked at the state-sponsored actors 2021 Harvard Korean Security engage in indirectly Summit that North Korea employs remunerative activities... a “completely different model 55 than any other country.” “By and North Korea’s penchant large, you won’t see many other for outright theft countries who utilize the internet to stands alone. circumvent international sanctions, to steal… North Korea is not a traditional nation-state when it comes to cyber [operations].” According to the Belfer Center’s 2020 Cyber Power Index, North Korea was the only country observed pursuing wealth generation via illegal cyber means.56 While plenty of other state-sponsored actors engage in indirectly remunerative activities, such as industrial espionage, North Korea’s penchant for outright theft stands alone. As Pyongyang increasingly pursues cyber-generated revenue, its financially motivated actors have come to resemble criminals. One area of overlap is victim selection. Whereas North Korea’s traditional operations may involve hardened government or defense-industrial targets in the West – examples include the White House, South Korean military planners, and Lockheed 54
Choe Sang-Hun, “North Korean Hackers Stole U.S.-South Korean Military Plans, Lawmaker Says,” New York Times, October 10, 2017, https://www.nytimes.com/2017/10/10/world/asia/north-korea-hack-war-plans.html.
55
Buchanan, Jun, and Moriuchi, “Understanding North Korea’s Leap in Cyber Capabilities.”
56
Julia Voo et al., National Cyber Power Index 2020, Belfer Center for Science and International Affairs (Cambridge, MA, September 2020), 32, https://www.belfercenter.org/sites/default/files/2020-09/NCPI_2020.pdf.
Belfer Center for Science and International Affairs | Harvard Kennedy School
13
