The All-Purpose Sword: North Korea's Cyber Operations and Strategies

Abstract

According to a 2013 briefing from the South Korean National Assembly by the South Korean National Intelligence Service, North Korean leader Kim Jong-un stated, “Cyberwarfare is an all-purpose sword that guarantees the North Korean People's Armed Forces ruthless striking capability, along with nuclear weapons and missiles.” Kim has secretly executed all-purpose cyberattacks to achieve his agenda, regardless of North Korea's diplomatic and economic situation. The “all-purpose sword” has been adapted to the different purposes it has pursued against North Korea's adversaries, such as creating ransomware for financial gain, a cyberweapon to destroy computer systems, and an invisible espionage tool to accumulate sensitive information. This paper is divided into three parts. The first section discusses the will of North Korea to use cyber warfare for different purposes by explaining how its administrative agencies take charge of different fields but carry out cyber operations to achieve their goals. The second section describes and analyzes the interconnectivity in North Korea's suspected cyber operations: specifically, Campaign Kimsuky, Operation KHNP, Operation DarkSeoul, Operation Blockbuster, the Bangladesh Central Bank Heist, and Wannacry. The operations will be categorized by operational goals, showing North Korea's success at achieving its various purposes by these means. In the last section, we suggest a future cyber strategy direction for North Korea based on our analysis of its tactics, techniques and procedures; and how North Korea cooperates with other countries, including countermeasures for countries around the world.