7 DPRK Cyber Operations

7.1 DPRK Cyber Operations

The Democratic People’s Republic of Korea (DPRK), or North Korea, is a malicious cyber actor that uses cyber means to generate revenue and carry out retribution attacks (e.g., the 2014 Sony Pictures attack). DPRK cyber operations are known for financial theft (e.g., 2016 Bangladesh Bank, the 2017 WannaCry ransomware attack, ongoing digital wallet attacks) that is used to support a developing nuclear weapons program, a key element in maintaining the Kim Dynasty:

Kim almost certainly views nuclear weapons and ICBMs as the ultimate guarantor of his autocratic rule and has no intention of abandoning those programs, believing that over time he will gain international acceptance as a nuclear power. In 2022, Kim reinforced that position by testing multiple ICBMs intended to improve North Korea’s ability to strike the United States and revising his country’s nuclear law, underscoring the nuclear forces as the backbone of North Korea’s national defense.

(DNI, 2023)

The DPRK has received technical and materiel support from other countries (i.e., China and Russia) since its inception in 1948, owing to common politics and borders (Figure 7.1). These technical and training relationships, including cyber, continue to this day.

As shown in Figure 7.1, the DPRK borders both China and Russia to the north and South Korea to the south.

A map of North Korea. It displays the Sea of Japan, Russia, China, South Korea, the Yellow Sea, and Japan.

Figure 7.1 ...
