Nation-State Hackers

Does it seem like North Korea’s getting more aggressive in their missile tests? What is behind this amplification of military demonstration?

Throughout 2022, “North Korea test-launched over 70 ballistic and cruise missiles, most of which were tests for operational rather than development purposes,” as reported in Strategic Comments journal, 20NOV2022. The Center for Strategic and International Studies reports that on 02NOV2022 alone, “North Korea fired 25 missiles of various kinds off its east and west coasts.” Yonhap News further indicated that “three SRBMs were launched from the Wonsan area of Gangwon-do into the East Sea, and one of them headed toward Ulleungdo and landed in the waters 26km south of the NLL”.

The NLL (Northern Limit Line) is, by all accounts, a disputed border in the Yellow Sea, an extension of the DMZ. South Korea has robustly defended this demarcation while, predictably, North Korea refuses to acknowledge this boundary. To fire a missile into this region ostensibly aligns with DPRK policy, but it is an offensive gesture fully intended to taunt South Korea.

Additionally, in the most recent round of tests on Friday, 18NOV2022, DPRK launched an ICBM believed capable of reaching US shores, “designed to carry multiple nuclear warheads to overcome U.S. missile defense systems.” (Associated Press)

China, which has always viewed DPRK as a useful buffer between their nation and South Korea, has reaffirmed their support for Pyongyang. This is demonstrated in legal forms, such as vetoing (with Russia) the UN Security Council’s vote to bolster sanctions against North Korea. As reported by Al Jazeera, “The remaining 13 council members all voted in favour of the resolution that was drafted by the United States and proposed banning tobacco and oil exports to North Korea. It would also have blacklisted the Lazarus hacking group, which the US says is tied to North Korea.” This stands in contrast with 2017, when six nuclear tests in DPRK resulted in unanimous sanctions by the UN.

Russia, motivated to reclaim the Donbas region from Ukraine after provocation by NATO, has no reason to respect US interests regarding North Korea. Similarly, recent declarations of support for Taiwan by the United States have not endeared them to China. The two superpowers standing together to defend DPRK interests present an incontrovertible middle finger to the United States, and using the United Nations to legislate this is salt in the wound.

“The UN Security Council’s inability or unwillingness to act on key challenges to international security, like North Korea, like Russia’s war on Ukraine… This has raised some serious questions about the effectiveness of the institution,” opines Evans Revere, former US Assistant Secretary of State for East Asian and Pacific Affairs, in an interview with Arirang News. “The fact that veto-holding powers of the Security Council can effectively block international consensus, and block international action, against those in violation of the Security Council’s own resolutions, and even of the United Nations’ charter itself is the unfortunate reality that we face today.”

Dr. Kim Yang-gyu, East Asia Institute; Evans Revere, former acting US Assistant Secretary of State for East Asian and Pacific Affairs.

Support comes in illegal forms, as well, such as engaging in shipping trade with DPRK in violation of the UN charter. This is one way of skirting sanctions, which are themselves unenforceable in practice. Who’s going to stand against China? Who can make a claim that they’ll respect and respond to?

And how is it that North Korea can continue to manufacture, upgrade, and test so many ICBMs? Getting equipment through flouting UN sanctions only gets you so far. We know that Pyongyang’s Reconnaissance General Bureau has been invested in exploring new venues of aggression: rather than land, sea, or air, they are engaging on the cybernetic front. Their company of hackers, known as the Lazarus Group, has been covered in granular detail by such podcasts as BBC’s The Lazarus Heist and Darknet Diaries’ episode “Bangladesh Bank Heist.” The latter is actually a tight focus on one episode of the former, and both are worth listening to for a comprehensive understanding of a hacker network more advanced and powerful than most people would suspect.

These two podcasts highlight one particular cyber heist that attempted to steal several hundred million dollars out of Bangladesh, approved by New York, and laundered through a Philippines casino over a holiday weekend—razor-thin timing for an attack of opportunity. But the Lazarus Group hasn’t stopped there: Dr. Kim Yang-gyu, in the Arirang News interview, stated that “cryptoanalysis from Chainalysis estimated that Pyongyang stole approximately one billion dollars in the first nine months of this year, including the FBI-confirmed case of stealing $620 million in cryptocurrencies from a popular video game in March this year.”

That game was Axie Infinity, produced by Sky Mavis, a Vietnam-based company. The game has been called “Pokémon-like” in that it deals with collectible small creatures, “Axies,” but Axie Infinity is a blockchain game in which players mint NFTs of their captures for resale. Under the Reconnaissance General Bureau’s direction the Lazarus Group and another hacker team, APT38, initiated their assault through a tried-and-true social engineering technique: a job offer through LinkedIn. The hackers identified senior developers through publicly available information and lured them with the promise of a job prospect.

The PDF with the job description, however, also contained a virus meant to target Sky Mavis’s Ronin Network. As VICE News reports, “The Vietnam-based company spun up the Ronin Network to make playing Axie Infinity cheaper for users, porting tokens from Ethereum to the Ronin blockchain, since the game runs on top of Ethereum where every action incurs costly ‘gas’ fees.” Once inside the company’s network, the Lazarus Group successfully siphoned US$624M in ETH and USDC tokens.

Rolled into the US$1B believed to be stolen by DPRK hackers, this total represents one-third of North Korea’s missile development budget. Sanctions mean little to Pyongyang, who have built a ski resort and mountain spa under these restrictions, with the cooperation of China and a few “neutral” countries. If anything, UN sanctions only motivate North Korea to demonstrate their military might and defy the international community. Sanctions place pressure upon the already-oppressed population of North Korea, but the capital has demonstrated little concern for their plight, prioritizing resources for missiles, hackers, and luxury goods for “Supreme Leader” Kim Jong-Un.
