SEOUL -- North Korea is firing a fusillade of ransomware attacks outside its borders, turning to cryptocurrency extortion for easy money as tough international sanctions bite.
Pyongyang has increasingly targeted small and midsize businesses in South Korea with ransomware since 2018, apparently to exploit weak security and the common language, according to a source with knowledge of the North's illegal financing activities. The South's National Intelligence Service reports 1.58 million attempted cyberattacks a day here.
Hackers infiltrate servers and internal systems, encrypting important data and demanding cryptocurrency from victims wanting it back. Ransoms are cashed on Chinese exchanges.
Demands often range between 1 and 10 bitcoins (roughly $50,000 to $500,000), according to South Korean media. The true figure remains unclear, since many victims do not report the incidents. Ransomware cost businesses an estimated more than 2 trillion won ($1.8 billion) in 2020, surging 18-fold in five years.
North Korean thefts of virtual assets totaled around $316 million from 2019 to November 2020, according to a draft report presented to the United Nations Security Council committee on North Korea sanctions.
But "tracking such activities requires the cooperation of the Chinese government," making it impossible to "determine the exact amount of foreign currencies the North has obtained," a source said.
North Korea previously relied on currency counterfeiting, drug trafficking and arms exports to the Middle East as important sources of income, and the U.N. economic sanctions have blocked these activities. Now cyberattacks are an efficient and safe way for Pyongyang to obtain funds, an expert said.
So how did the North's hacker army come to be?
In 2012, North Korean leader Kim Jong Un ordered the formation of a unit for strategic oversight of cyber operations at the Reconnaissance General Bureau intelligence agency. He visited the RGB in 2013, reportedly saying that with its "brave" cyberwarriors, "we can penetrate any sanctions."
Pyongyang trains hackers at special academies, according to the South's publicly funded Institute for National Security Strategy. Mirim College sends 120 graduates a year to Bureau 121, the infamous cyberwarfare unit with world-class hackers under the RGB. Kim Il Sung Military University, which educates members of the future military elite, reportedly cultivates some 1,000 cyberwarriors annually.
The North has other organizations for cyber operations besides the RGB. A military division is responsible for cyberattacks on South Korean forces. A unit in the ruling Workers' Party is said to run about 140 websites for propaganda efforts targeting South Koreans.