North Korea’s Hackers Fund Nuclear, Missile Programs by Stealing From Banks, Others

Hackers tied to North Korea are suspected in Friday’s global ransomware attack that infected roughly 300,000 machines in about 150 countries, including computers tied to some of the world’s biggest companies, as well as hospitals, The New York Times reported Monday, citing intelligence officials and private cybersecurity experts. Still, while similarities to other North Korean hacks have been found, the experts have not reached a definitive conclusion that the country was directly behind the hacking.

For some, the mention of North Korea doesn’t necessarily bring up thoughts of a potential cyberwar threat. Instead, most link the authoritarian regime of Kim Jong Un to tests of its intercontinental ballistic missile or nuclear defense capabilities that have put the globe, and especially U.S. allies like South Korea and Japan and superpowers like China and Russia, on high alert for more than the past year.

But Kim’s power and reach extend well beyond the country’s borders and include major hacking and cyberwarfare capabilities that in turn have helped fund the North’s defense programs.

In fact, a top U.S. general told the Senate Armed Services Committee last month the North is expanding its hacking capabilities, stating the program was quite advanced.

"This is an area of growth," General Vincent Brooks said during his nomination hearing for command of United Nations and U.S. Forces Korea. "While I would not characterize them as the best in the world, they are among the best in the world and the best organized."

Indeed, the North earlier has shown its ability to infiltrate U.S. systems, the most high-profile example being Sony Pictures prior to the release of the film The Interview, which depicted an assassination plot against Kim, in 2014.

But the entertainment industry’s copyrighted material is among the least of the world’s worries, given the North’s alleged ability to hack into military infrastructures, power plants and banks.

Following the Sony hack, a former instructor for the North’s Hamhueng Computer Technology University told the BBC in May 2015 that the hacking army, at that time, had reached about 6,000 people and estimated the North devoted between 10 to 20 percent of its military budget to cyberwarfare. The defector also stated the North was working on an attack like Stuxnet, the hack conducted by the U.S. and Israel that infected and deterred Iran’s nuclear defense program in 2010.

"The reason North Korea has been harassing other countries is to demonstrate that North Korea has cyberwar capacity," the former instructor, Kim Heung-Kwang, said. "Their cyberattacks could have similar impacts as military attacks, killing people and destroying cities."

The unit, or hacking group, Kim was speaking of has been dubbed Bureau 121, which is believed to operate outside of the North’s borders—in China—because there is little cyber infrastructure within the closed-off nation’s borders. A Times report in March said hackers were also located in other parts of Southeast Asia and even in Europe. Members of Bureau 121 reportedly lead much better lives than most of their fellow North Korea citizens, but they are still monitored closely to avoid defection or potential espionage.

The elite group has of late taken to breaking down the firewalls or security systems of financial institutions around the world, and experts believe its efforts are funding the missile and defense programs that have world leaders and citizens frightful.

In 2015, hackers linked to the North reportedly took $81 million from Bangladesh’s central bank.

Pyongyang linked hackers have also targeted more than 100 groups across the globe, including institutions such as the World Bank, the European Central Bank and even the U.S.-based Bank of America. 

The reason?

"This is all for their nuclear weapons and missile programs. They need this money for building and researching more ballistic missiles," a Foundation for Defense of Democracies senior fellow, Anthony Ruggiero, told CNN last month.

Join the Discussion