US Cybersecurity Policy Plays Catch-Up Amid DPRK Hacking Threat – OpEd


By Stefano Ermini

On March 2, the White House released a note to share the annual cybersecurity strategy, in line with the new challenges which the Western world is currently facing. The two main objectives highlighted by President Biden are quite clear: “Rebalance the responsibility to defend cyberspace” and “realign incentives to favor long-term investments” in order to favor economic recovery in the wake of the COVID-19 pandemic.

The second pillar of the 39-page report is explicitly titled “Disrupt and Dismantle Threat Actors,” referring to those international cyberterrorist and criminal organizations which are currently on the U.S. blacklist. Ransomware activities are multiplying “from safe havens like Russia, Iran and North Korea,” taking advantage  of “poor cybersecurity practices.” More specifically, aggressive e-pirate teams, born and raised in the Democratic People’s Republic of Korea (DPRK), are a constant target of D.C. experts, due to the significant damage they’ve managed to cause over the course of nearly twenty years.

Young hackers, most of the times coming from particularly impoverished parts of North Korea, are raised by the Pyongyang regime from an early age. DPRK officers generally select the next-gen army through tough tests and, if successful, they bring those children to the capital. Juche mindset, which is driving every single activity within North Korean borders, is instilled on the future hackers, as well, who are requested to sleep together in wide dormitories and endure early wake-up calls to join intensive classes focused on math and IT.

Cybercriminal actions are the primary source of income to support the well-known arms race the Kim dynasty has prioritized since its inception. According to the latest U.S. statement, North Korea is “securing up to 30% of funds for its nuclear and missile development programs through illicit cyber activities that include cryptocurrency heists and money laundering.” At the same time, their activity is needed to counterbalance the extreme poverty levels the mid- and lower-class population is faced with, which is further exacerbated by the global pandemic. Consequently, these hackers are cheered on by the regime, which proudly elevates them to the status of “national heroes.” The first recognizable leader of this anonymous army was Park Jin-Hyok, part of the so-called Lazarus Group and currently wanted by the FBI for conspiracy to commit wire and bank frauds. Park, an apparently agile computer programmer whose personal life remains a mystery, is accused of streamlining hacker attacks against several national entities and companies between 2009 and 2012, when, through Operation Flame and Operation Troy, him and his Lazarus Group became known to the entire world for assaulting South Korean government and bureaucracy websitesthrough sophisticated and atypical methods.

The Lazarus Group made major headlines in the three-year timeframe between 2014 and 2017. The first victim of the hacking campaign was Sony Pictures, formally threatened by Kim Jong-Un for producing and distributing the Hollywood movie The Interview. In the event of any remaining doubt related to the interconnection between Kim and Lazarus Group, this episode clearly revealed that the North Korean Politburo was backing hacker activities since day one. The Korean Central News Agency (KCNA), the unique voice and link between the DPRK regime and the people, strongly blamed Barack Obama’s administration for allowing the distribution of The Interview, launching a concerted media campaign against The White House in parallel with the devastating attacks by Lazarus Group.

Thus, it didn’t come as surprise when Park and his acolytes drew up a spy story not unlike a best-selling thriller. A detailed BBC report provides a deep dive into the so-called Bangladesh Bank cyber heist, in which Lazarus group tried to steal $1 billion from the national Bangladesh Bank with a combo of flexible and smart actions, only to be found out at the very last minute by local authorities. The ultimate haul from the cyber heist ended up quite limited compared to the initial goal, with $81 million confirmed missing from the account when all was said and done.

With the above actions by DPRK hackers in mind, the US administration continues to shape its long-term plan to counter emerging threats in what is becoming an increasingly critical theatre of national security – one that will only become more important in light of the Ukraine war and ongoing tensions surrounding Taiwan.

The views expressed in this article belong to the authors alone and do not necessarily reflect those of

Geopolitical Monitor is an open-source intelligence collection and forecasting service, providing research, analysis and up to date coverage on situations and events that have a substantive impact on political, military and economic affairs.

Leave a Reply

Your email address will not be published. Required fields are marked *