Title: AI and Cybersecurity in Digital Warfare on the Korean Peninsula
South Korea has faced an onslaught of cyberattacks in recent years, primarily from North Korea, which has employed AI technologies for sophisticated assaults. In response to these attacks, South Korea has revamped its National Cybersecurity Strategy to focus on international collaboration, the adoption of cutting-edge technology, and the fortification of defenses. These incidents highlight the critical need for a globally coordinated effort towards a comprehensive cybersecurity framework to counteract advanced cyber aggression.
Introduction
In 2023, South Korean public institutions faced an unprecedented surge in cyberattacks, with daily attempts reaching 1.62 million, eighty percent of which were reportedly planned by North Korea. Considering the wide range of targets, including defense industries and private enterprises, which may not always report or be able to track such attacks, the actual tally of North Korean hacking endeavors is likely significantly higher. This escalation in cyber aggression employs advanced computing and artificial intelligence (AI) technologies such as ChatGPT, highlighting the advanced nature of North Korea’s cyber capabilities and spotlighting the evolving role of AI in cyber espionage and sabotage.
In response to this new form of aggression, South Korea has released its revised National Cybersecurity Strategy aimed at countering cyber threats through enhanced defenses, international cooperation, and the adoption of cutting-edge technologies. The Korean Peninsula now epitomizes the dual-edged nature of technological progress, illustrating how technology can both enable and prevent considerable security risks. This article argues that South Korea’s approach to cybersecurity, informed by specific instances of cyberattacks and their broader geopolitical and technological ramifications, offers valuable insights for developing effective countermeasures and policy recommendations in this age of sophisticated digital warfare.
North Korea’s Cyber Warfare Evolution Strategy
North Korea’s increasingly sophisticated cyber capabilities have raised alarms globally, notably with the high-profile 2014 Sony Pictures hack, which thrust the hermit kingdom’s cyber prowess into the international spotlight. This incident not only underlined the extensive damage that cyberattacks can inflict on private corporations but also served as a wake-up call to the world about the growing menace of state-sponsored cyberterrorism.
In addition to targeting state infrastructure and companies, North Korean cyber operations have focused on financial gain and sanctions evasion. According to the March 2024 United Nations Security Council report, the theft of virtual assets has become a lucrative venture for Pyongyang, with UN estimates suggesting that North Korea illicitly obtained three billion dollars’ worth of cryptocurrencies to fund its weapons programs between 2017 and 2023. One strategy involves North Korean technology workers employed overseas using falsified resumes to secure lucrative jobs at global technology development companies and sending earnings back to the government. North Korean hackers have also been suspected of injecting malware into software supply chains, then staging ransomware attacks that cripple company networks to demand payment. The scope of these cyber operations aimed at financial gain has also expanded beyond traditional targets and includes indiscriminate attacks against members of the public. In one instance, hackers stole information from members of a South Korean online cryptocurrency forum and used phishing emails that tricked users into entering their cryptocurrency wallet authentication information to pilfer millions in virtual currency.
Under Kim Jong Un’s leadership, North Korea has used hacking groups to target specific sectors aligned with strategic state interests. For instance, after Kim emphasized grain production in January 2023, hackers targeted three South Korean agricultural institutions and stole food research data. Following Kim’s emphasis on naval force enhancement during visits to navy units in July and August 2023, hackers breached four South Korean shipbuilding companies. Likewise, after Kim announced intentions to bolster unmanned aerial vehicle production in October 2023, North Korean hackers stole engine data from South Korean drone companies.
In its February 2024 cybersecurity threat intelligence report, Microsoft disclosed that North Korean hackers had used OpenAI’s large language models to identify and research potential hacking targets and then to automatically generate phishing pages. Microsoft pinpointed a specific hacking group named “Emerald Sleet,” a North Korean threat group active throughout 2023, and has since banned it from accessing Microsoft AI products. This group has ties with notorious hacker collectives known by names such as “Kimsuky” and “Velvet Chollima.” The Cybersecurity and Infrastructure Security Agency under the U.S. Department of Homeland Security identifies Kimsuky as a North Korean hacker group tasked with global information gathering since 2012. Kimsuky primarily targets South Korean government agencies and specialists in the Korea-US-Japan nexus to collect intelligence related to the Korean Peninsula, nuclear policy, and sanctions against North Korea.
These examples highlight the evolving threat landscape, characterized by North Korea’s use of advanced AI technologies for mass malware creation and sophisticated phishing attacks, dramatically reducing the time and effort required for cyber operations. They are part of a coordinated effort by North Korean hackers who employ advanced persistent threat (APT) tactics, which involve prolonged and targeted cyberattacks aimed at gaining continuous access to sensitive information. Unlike one-time attacks or phishing scams, APTs enable North Korean hackers to infiltrate networks undetected over extended periods, allowing them to extract valuable data and compromise critical systems. The repercussions of these cyberattacks extend beyond immediate operational disruptions, threatening long-term national security and economic stability. This situation emphasizes the critical need for robust cybersecurity defenses and the importance of proactive threat intelligence sharing among allies.
South Korea’s Strategic and Diplomatic Response
In response to North Korean cyber aggression, South Korea released a comprehensive revised National Cybersecurity Strategy in February 2024 designed to counter the multifaceted cyber threats emanating from the North. This strategy put more emphasis on a proactive defense mechanism, the fortification of the country’s core infrastructures against cyberattacks, and the pursuit of international cooperation to build a robust cybersecurity framework. Through this strategic lens, South Korea not only seeks to safeguard its digital landscape but also to contribute to the stability and security of the international community in the face of escalating cyber threats from North Korea.
South Korea recognizes that cybersecurity is a global challenge that requires establishing and reinforcing alliances with key international partners, exemplified by its efforts to advance collective cybersecurity frameworks and agreements. Notably, South Korea and the United States initiated the Strategic Cybersecurity Cooperation Framework in April 2023, a testament to their shared commitment to countering cyber threats and exchanging vital intelligence. Additionally, South Korea’s participation in trilateral discussions on North Korean cyber activities with the United States and Japan in December 2023 has solidified a collaborative stance against North Korean cyber aggression. These talks have been instrumental in harmonizing defense strategies and enhancing the cyber defenses of national infrastructures, showcasing a unified approach to deterring cyber threats.
Ensuring Long-Term Effective Cybersecurity
Despite its successes in establishing collaborative defenses, South Korea should act on its potential to strengthen its capabilities in international cybersecurity norm-setting, advanced threat detection, and cross-border incident response coordination. The country is well-positioned to advocate for the enforcement of international law within digital domains, evidenced by its proactive role in hosting the May AI Seoul Summit and the March Summit for Democracy, where it led discussions with global politicians and entrepreneurs on cybersecurity and AI safety issues. South Korea has been actively participating in United Nations discussions and spearheading the creation of norms for digital conduct during peacetime as a non-permanent member of the UN Security Council. The country’s participation in the multinational Cyber Flag exercise, hosted annually by the U.S. Cyber Command, and its flagship international security forum, the Seoul Defense Dialogue, which addresses cybersecurity issues, also highlight South Korea’s active engagement and leadership in enhancing global cybersecurity cooperation and threat response capabilities.
By utilizing these diplomatic and security channels, South Korea can further build a worldwide consensus on the critical need for a secure and stable cyberspace. Additionally, by sharing its expertise and resources with developing countries, South Korea can enhance its geopolitical stature, fostering stronger alliances and promoting global cyber stability. These approaches acknowledge that cybersecurity challenges, especially those emanating from North Korea, are a global concern requiring unified action and shared responsibility.
Integrating AI into cybersecurity could also present significant technological opportunities for South Korea. The advancement of AI technologies offers transformative potential for enhancing cybersecurity defenses, enabling more effective detection of sophisticated cyber threats and automating responses to incidents at speeds beyond human ability. For instance, AI-powered anomaly detection systems can identify subtle patterns indicative of a cyberattack much earlier than traditional methods. Additionally, AI can play a crucial role in predictive threat intelligence, allowing South Korean cybersecurity forces to anticipate and mitigate potential cyberattacks based on the comprehensive analysis of vast datasets. For example, South Korea’s National Cybersecurity Strategy emphasizes the integration of AI-driven systems for real-time threat detection and response. Initiatives like the planned AI Safety Institute, set to launch by the end of 2024, aim to develop and implement these advanced technologies.
However, the integration of AI into cybersecurity strategies also introduces ethical and privacy dilemmas, as the extensive collection and analysis of data could encroach upon individual rights. South Korea must strike a delicate balance between exploiting AI’s capabilities to bolster cybersecurity and mitigating the associated risks. This necessitates a comprehensive approach that includes developing ethical AI frameworks, fostering international cooperation on digital norms, and maintaining an active dialogue among tech developers, security professionals, and policymakers. Such a strategy will enable South Korea and its allies to leverage AI’s potential to enhance cybersecurity efforts while ensuring the protection of democratic principles and human rights.
Conclusion
Anne Neuberger, the U.S. Deputy National Security Advisor for Cyber and Emerging Technologies, has recognized North Koreans as “some of the most creative and innovative in leveraging emerging tech.” The growing cyber threats from North Korea, coupled with the critical role of AI in both cyber aggression and defense, accentuate the urgency and complexity of enhancing cyber resilience on the Korean Peninsula. South Korea’s strategic response, as outlined in its National Cybersecurity Strategy, showcases a proactive and comprehensive response to these threats. This strategy stresses the need for international cooperation, the adoption of cutting-edge technologies, and the establishment of strong defense mechanisms.
Despite these significant efforts, the dynamic and evolving nature of cyber threats requires continuous vigilance, innovation, and collaboration. As generative AI emerges as a double-edged sword, the balance of power in the AI era could tip in favor of hacker groups unless states preemptively invest in cybersecurity. Therefore, moments of apparent calm are crucial and emphasize the need to heighten public awareness and investment in cybersecurity. As the global community wrestles with these issues, South Korea’s experiences and strategies offer valuable insights into the dynamics of cyber conflict and defense in today’s digital era. They highlight the necessity for a globally coordinated and strategic approach that harnesses the potential of AI in defense strategies and ensures a stable cyberspace.
. . .
Tae Yeon Eom is a Research Scholar at the Asia Pacific Foundation of Canada. His research examines the socio-political issues on and around the Korean Peninsula, exploring how these dynamics influence domestic policies, regional security, and international relations. By integrating these perspectives, his work aims to provide a comprehensive understanding of the challenges and opportunities in East Asia.
Image credit: Oleg Dimitrochenko, Pixabay Content License, via Pixabay.