While South Korea and the United States focus on North Korea’s growing nuclear weapons and ballistic missile capabilities, the alliance must increasingly prioritise countering the development of North Korea’s cyber capabilities.
The use of cyber weapons of mass effectiveness alongside weapons of mass destruction provides Pyongyang with a unified asymmetric strategy designed to pressure the United States and the wider international community to recognise its legitimacy.
Moreover Pyongyang can effectively counter strict economic sanctions through cyber operations, raising hundreds of millions of dollars to support the Kim regime and its nuclear and ballistic missile programs.
North Korea’s cyber warfare units have come a long way since the mid-1990s, when the country’s computer infrastructure was rudimentary at best. The 2009 US National Intelligence Estimate dismissed North Korea’s cyber capabilities and long-range missile programs, noting it would take years to develop them into a meaningful threat.
That same year, North Korea reportedly unified all of its intelligence and internal security services and brought them under the direct control of the National Defense Commission to cement the control of current North Korean leader Kim Jong-un. It merged intelligence organisations and its various cyber units such as Bureau 121 into the Reconnaissance General Bureau (RGB).
The RGB became North Korea’s primary foreign intelligence service as well as headquarters for special and cyber operations. The RGB absorbed Bureau 121, increased its size to 3000 people and upgraded its status to that of a ‘department’.
In 2013, the RGB reportedly also established Unit 180, tasked with hacking international financial institutions to extract foreign currency in support of North Korea’s nuclear and ballistic missile programs. It would also install malicious backdoors in software development businesses in Japan and China. Over the years, the focus of Unit 180 shifted toward targeting cryptocurrency exchanges while Bureau 121 has expanded its cyber operations beyond South Korea by attacking foreign infrastructure elsewhere.