North Korea is arguably the least-understood nation on the planet. And that also applies to its state-sponsored hackers whose global cyberattacks have been almost as erratic and inscrutable as the government they work for. They hide behind strange front groups and fake extortion schemes. They steal tens of millions of dollars, a kind of digital profiteering more common among organized criminals than government cyberspies. And they’re now believed to have launched WannaCry, the ransomware that sparked an indiscriminate global crisis, with almost no apparent benefit to themselves.
But as tensions between the US and North Korea rise, cybersecurity and foreign affairs analysts watching the Hermit Kingdom’s hackers say that it would be unwise to write off Kim Jong-un’s digital army as irrational actors, as foreign policy wonks once mistakenly did with the country’s early military provocations. Instead, they warn that North Korea is using cyberattacks much as they’ve used the nuclear threat, an asymmetric lever that effectively holds far more powerful countries in check. Like the Kim regime as a whole, North Korea’s hackers are desperate, brazen, and at times incompetent—but also shrewdly logical in pursuing their goals.
This week, the DHS and FBI released a “technical alert,” warning that North Korean state actors called Hidden Cobra had targeted US organizations in the financial, aerospace, and media industries, along with critical infrastructure.