The All-Purpose Sword: North Korea's Cyber Operations and Strategies

Kong Ji-Young, Jong In Lim, Kim Kyoung Gon

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

According to a 2013 briefing from the South Korean National Assembly by the South Korean National Intelligence Service, North Korean leader Kim Jong-un stated, 'Cyberwarfare is an all-purpose sword that guarantees the North Korean People's Armed Forces ruthless striking capability, along with nuclear weapons and missiles.' Kim has secretly executed all-purpose cyberattacks to achieve his agenda, regardless of North Korea's diplomatic and economic situation. The 'all-purpose sword' has been adapted to the different purposes it has pursued against North Korea's adversaries, such as creating ransomware for financial gain, a cyberweapon to destroy computer systems, and an invisible espionage tool to accumulate sensitive information. This paper is divided into three parts. The first section discusses the will of North Korea to use cyber warfare for different purposes by explaining how its administrative agencies take charge of different fields but carry out cyber operations to achieve their goals. The second section describes and analyzes the interconnectivity in North Korea's suspected cyber operations: specifically, Campaign Kimsuky, Operation KHNP, Operation DarkSeoul, Operation Blockbuster, the Bangladesh Central Bank Heist, and Wannacry. The operations will be categorized by operational goals, showing North Korea's success at achieving its various purposes by these means. In the last section, we suggest a future cyber strategy direction for North Korea based on our analysis of its tactics, techniques and procedures; and how North Korea cooperates with other countries, including countermeasures for countries around the world.

Original languageEnglish
Title of host publication2019 11th International Conference on Cyber Conflict
Subtitle of host publicationSilent Battle, CyCon 2019
EditorsMassimiliano Signoretti, Ihsan Tolga, Tomas Minarik, Gabor Visky, Siim Alatalu, Stefano Biondi
PublisherNATO CCD COE Publications
ISBN (Electronic)9789949990443
DOIs
Publication statusPublished - 2019 May 1
Event11th International Conference on Cyber Conflict: Silent Battle, CyCon 2019 - Tallinn, Estonia
Duration: 2019 May 282019 May 31

Publication series

NameInternational Conference on Cyber Conflict, CYCON
Volume2019-May
ISSN (Print)2325-5366
ISSN (Electronic)2325-5374

Conference

Conference11th International Conference on Cyber Conflict: Silent Battle, CyCon 2019
CountryEstonia
CityTallinn
Period19/5/2819/5/31

Fingerprint

Nuclear weapons
Military operations
Missiles
Computer systems
Economics
Malware

Keywords

  • cyber strategies
  • mixing tactics
  • North Korea
  • North Korean cyber forces
  • state-sponsored cyber operations
  • techniques and procedures

ASJC Scopus subject areas

  • Computer Networks and Communications

Cite this

Ji-Young, K., Lim, J. I., & Kyoung Gon, K. (2019). The All-Purpose Sword: North Korea's Cyber Operations and Strategies. In M. Signoretti, I. Tolga, T. Minarik, G. Visky, S. Alatalu, & S. Biondi (Eds.), 2019 11th International Conference on Cyber Conflict: Silent Battle, CyCon 2019 [8756954] (International Conference on Cyber Conflict, CYCON; Vol. 2019-May). NATO CCD COE Publications. https://doi.org/10.23919/CYCON.2019.8756954

The All-Purpose Sword : North Korea's Cyber Operations and Strategies. / Ji-Young, Kong; Lim, Jong In; Kyoung Gon, Kim.

2019 11th International Conference on Cyber Conflict: Silent Battle, CyCon 2019. ed. / Massimiliano Signoretti; Ihsan Tolga; Tomas Minarik; Gabor Visky; Siim Alatalu; Stefano Biondi. NATO CCD COE Publications, 2019. 8756954 (International Conference on Cyber Conflict, CYCON; Vol. 2019-May).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Ji-Young, K, Lim, JI & Kyoung Gon, K 2019, The All-Purpose Sword: North Korea's Cyber Operations and Strategies. in M Signoretti, I Tolga, T Minarik, G Visky, S Alatalu & S Biondi (eds), 2019 11th International Conference on Cyber Conflict: Silent Battle, CyCon 2019., 8756954, International Conference on Cyber Conflict, CYCON, vol. 2019-May, NATO CCD COE Publications, 11th International Conference on Cyber Conflict: Silent Battle, CyCon 2019, Tallinn, Estonia, 19/5/28. https://doi.org/10.23919/CYCON.2019.8756954
Ji-Young K, Lim JI, Kyoung Gon K. The All-Purpose Sword: North Korea's Cyber Operations and Strategies. In Signoretti M, Tolga I, Minarik T, Visky G, Alatalu S, Biondi S, editors, 2019 11th International Conference on Cyber Conflict: Silent Battle, CyCon 2019. NATO CCD COE Publications. 2019. 8756954. (International Conference on Cyber Conflict, CYCON). https://doi.org/10.23919/CYCON.2019.8756954
Ji-Young, Kong ; Lim, Jong In ; Kyoung Gon, Kim. / The All-Purpose Sword : North Korea's Cyber Operations and Strategies. 2019 11th International Conference on Cyber Conflict: Silent Battle, CyCon 2019. editor / Massimiliano Signoretti ; Ihsan Tolga ; Tomas Minarik ; Gabor Visky ; Siim Alatalu ; Stefano Biondi. NATO CCD COE Publications, 2019. (International Conference on Cyber Conflict, CYCON).
@inproceedings{efffb12b73b14dd595a49b051b0b15ff,
title = "The All-Purpose Sword: North Korea's Cyber Operations and Strategies",
abstract = "According to a 2013 briefing from the South Korean National Assembly by the South Korean National Intelligence Service, North Korean leader Kim Jong-un stated, 'Cyberwarfare is an all-purpose sword that guarantees the North Korean People's Armed Forces ruthless striking capability, along with nuclear weapons and missiles.' Kim has secretly executed all-purpose cyberattacks to achieve his agenda, regardless of North Korea's diplomatic and economic situation. The 'all-purpose sword' has been adapted to the different purposes it has pursued against North Korea's adversaries, such as creating ransomware for financial gain, a cyberweapon to destroy computer systems, and an invisible espionage tool to accumulate sensitive information. This paper is divided into three parts. The first section discusses the will of North Korea to use cyber warfare for different purposes by explaining how its administrative agencies take charge of different fields but carry out cyber operations to achieve their goals. The second section describes and analyzes the interconnectivity in North Korea's suspected cyber operations: specifically, Campaign Kimsuky, Operation KHNP, Operation DarkSeoul, Operation Blockbuster, the Bangladesh Central Bank Heist, and Wannacry. The operations will be categorized by operational goals, showing North Korea's success at achieving its various purposes by these means. In the last section, we suggest a future cyber strategy direction for North Korea based on our analysis of its tactics, techniques and procedures; and how North Korea cooperates with other countries, including countermeasures for countries around the world.",
keywords = "cyber strategies, mixing tactics, North Korea, North Korean cyber forces, state-sponsored cyber operations, techniques and procedures",
author = "Kong Ji-Young and Lim, {Jong In} and {Kyoung Gon}, Kim",
year = "2019",
month = "5",
day = "1",
doi = "10.23919/CYCON.2019.8756954",
language = "English",
series = "International Conference on Cyber Conflict, CYCON",
publisher = "NATO CCD COE Publications",
editor = "Massimiliano Signoretti and Ihsan Tolga and Tomas Minarik and Gabor Visky and Siim Alatalu and Stefano Biondi",
booktitle = "2019 11th International Conference on Cyber Conflict",

}

TY - GEN

T1 - The All-Purpose Sword

T2 - North Korea's Cyber Operations and Strategies

AU - Ji-Young, Kong

AU - Lim, Jong In

AU - Kyoung Gon, Kim

PY - 2019/5/1

Y1 - 2019/5/1

N2 - According to a 2013 briefing from the South Korean National Assembly by the South Korean National Intelligence Service, North Korean leader Kim Jong-un stated, 'Cyberwarfare is an all-purpose sword that guarantees the North Korean People's Armed Forces ruthless striking capability, along with nuclear weapons and missiles.' Kim has secretly executed all-purpose cyberattacks to achieve his agenda, regardless of North Korea's diplomatic and economic situation. The 'all-purpose sword' has been adapted to the different purposes it has pursued against North Korea's adversaries, such as creating ransomware for financial gain, a cyberweapon to destroy computer systems, and an invisible espionage tool to accumulate sensitive information. This paper is divided into three parts. The first section discusses the will of North Korea to use cyber warfare for different purposes by explaining how its administrative agencies take charge of different fields but carry out cyber operations to achieve their goals. The second section describes and analyzes the interconnectivity in North Korea's suspected cyber operations: specifically, Campaign Kimsuky, Operation KHNP, Operation DarkSeoul, Operation Blockbuster, the Bangladesh Central Bank Heist, and Wannacry. The operations will be categorized by operational goals, showing North Korea's success at achieving its various purposes by these means. In the last section, we suggest a future cyber strategy direction for North Korea based on our analysis of its tactics, techniques and procedures; and how North Korea cooperates with other countries, including countermeasures for countries around the world.

AB - According to a 2013 briefing from the South Korean National Assembly by the South Korean National Intelligence Service, North Korean leader Kim Jong-un stated, 'Cyberwarfare is an all-purpose sword that guarantees the North Korean People's Armed Forces ruthless striking capability, along with nuclear weapons and missiles.' Kim has secretly executed all-purpose cyberattacks to achieve his agenda, regardless of North Korea's diplomatic and economic situation. The 'all-purpose sword' has been adapted to the different purposes it has pursued against North Korea's adversaries, such as creating ransomware for financial gain, a cyberweapon to destroy computer systems, and an invisible espionage tool to accumulate sensitive information. This paper is divided into three parts. The first section discusses the will of North Korea to use cyber warfare for different purposes by explaining how its administrative agencies take charge of different fields but carry out cyber operations to achieve their goals. The second section describes and analyzes the interconnectivity in North Korea's suspected cyber operations: specifically, Campaign Kimsuky, Operation KHNP, Operation DarkSeoul, Operation Blockbuster, the Bangladesh Central Bank Heist, and Wannacry. The operations will be categorized by operational goals, showing North Korea's success at achieving its various purposes by these means. In the last section, we suggest a future cyber strategy direction for North Korea based on our analysis of its tactics, techniques and procedures; and how North Korea cooperates with other countries, including countermeasures for countries around the world.

KW - cyber strategies

KW - mixing tactics

KW - North Korea

KW - North Korean cyber forces

KW - state-sponsored cyber operations

KW - techniques and procedures

UR - http://www.scopus.com/inward/record.url?scp=85069187829&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85069187829&partnerID=8YFLogxK

U2 - 10.23919/CYCON.2019.8756954

DO - 10.23919/CYCON.2019.8756954

M3 - Conference contribution

AN - SCOPUS:85069187829

T3 - International Conference on Cyber Conflict, CYCON

BT - 2019 11th International Conference on Cyber Conflict

A2 - Signoretti, Massimiliano

A2 - Tolga, Ihsan

A2 - Minarik, Tomas

A2 - Visky, Gabor

A2 - Alatalu, Siim

A2 - Biondi, Stefano

PB - NATO CCD COE Publications

ER -