By CHOE SANG-HUN, PAUL MOZUR, NICOLE PERLROTH and DAVID E. SANGER
SEOUL, South Korea — They take legitimate jobs as software programmers in the neighbors of their home country, North Korea. When the instructions from Pyongyang come for a hacking assault, they are believed to split into groups of three or six, moving around to avoid detection.
Ever since the 1980s, reclusive North Korea has been known to train cadres of digital soldiers to engage in electronic warfare and profiteering exploits against its perceived enemies, most notably South Korea and the United States. In more recent years, cybersecurity experts say, the North Koreans have spread these agents across the border into China and other Asian countries to help cloak their identities. The strategy also amounts to war-contingency planning in case the homeland is attacked.
Now this force of North Korean cyberhacking sleeper cells is under new scrutiny in connection with the ransomware assaults that have roiled much of the world over the past four days. New signs have emerged not only that North Koreans carried out the attacks but also that the targeted victims included China, North Korea’s benefactor and enabler.