By Sofia COMI
8 May, 2025
Source : Instock
Introduction
Ever since the United States detonated the world’s first nuclear weapon in 1945, multiple countries have proceeded to expand their own armaments in an effort to ensure national security. In particular, feeling like “a shrimp amongst whales,” the Democratic People’s Republic of Korea (DPRK) has been developing its nuclear programme for decades as a means of ensuring regime survival, diplomatic leverage, and international prestige. Amongst the so-called “nuclear club,” the DPRK therefore constitutes one of the greatest challenges to regional stability and Western interests.
As a response to the country’s nuclear aspirations and escalating missile tests, diplomatic efforts were undertaken over time in the hopes of achieving its denuclearisation. However, their repeated failures led to the imposition of stringent sanctions by the UN Security Council as well as a number of individual countries. These sanctions strained Pyongyang’s international stance and economy, as well as the living conditions of the North Korean people. However, the DPRK continues to carry out high-profile, publicised tests and to develop new nuclear technologies, leading to questions regarding the origins of the country’s resources. The answer lies in cybercrime, which Pyongyang has embraced to fund and advance its nuclear programme.
The purpose of this essay is therefore to examine how North Korea leverages its cyber capabilities to circumvent sanctions and develop its nuclear programme. This will be achieved first by looking at the history of the programme’s evolution and the consequent sanctions that have been imposed upon Pyongyang. Subsequently, the DPRK’s reliance on cybercrime will be analysed by taking into consideration its two prongs: cyber theft and cyber espionage.
History of the North Korean Nuclear Program
Although North Korea’s nuclear programme started in the early 1950s, actual work began only through a cooperative agreement signed with the Soviet Union in 1959, leading to the construction of the Yongbyon Nuclear Scientific Research Centre. Though the agreement only allowed for peaceful applications of nuclear energy, in the following years the DPRK started expanding its programme to also develop military capacities.
Over time the country did publicly commit to non-proliferation, for instance by joining the Non-Proliferation Treaty (NPT) as a non-nuclear state in December 1985. Furthermore, in January 1992 the Joint Declaration on the Denuclearisation of the Korean Peninsula was signed: North and South Korea agreed “not to test, manufacture, produce, receive, possess, store, deploy, or use nuclear weapons”.
Despite such commitments, Pyongyang announced its withdrawal from the NPT as early as 1993. Intense negotiations with the United States managed to defuse the crisis through the 1994 Agreed Framework, under which North Korea was to suspend its plutonium production. However, in 2002, the US accused Pyongyang of clandestine uranium enrichment activities, leading, the following year, to an official DPRK withdrawal from the NPT.
During that same period, reports of North Korea’s reprocessing of spent fuel to generate plutonium led to the Six-Party Talks, in the hopes of bringing Pyongyang back under NPT safeguards. The process, however, was unsuccessful due to a variety of disagreements between the parties involved, and, in October 2006, the first North Korean nuclear test was carried out at the Punggye-ri test facility. Although other diplomatic efforts had been made, other nuclear tests were then conducted in 2009 and again in 2013, 2014, and 2016. Further improvements were made to Pyongyang’s programme in 2017, when it fired its first Intercontinental Ballistic Missile (ICBM) and later on conducted its biggest nuclear test to date.
In 2018, in a climate of cooperation with South Korea, the DPRK halted nuclear testing and publicly closed the Punggye-ri test facility. This then set the stage for a meeting between the Supreme Leader Kim Jong Un and US President Donald Trump, where they committed to work towards denuclearisation. However, in July 2018, a covert uranium enrichment site was discovered at Kangson, sparking suspicion about Pyongyang’s real intentions concerning disarmament.
Sanctions
The international community has tried to halt North Korea’s development of military nuclear capabilities not only through diplomatic efforts, but also by implementing a series of sanctions. In particular, the UN Security Council (UNSC) has been resorting to sanctions ever since Pyongyang’s first nuclear test of 2006, with Resolution 1718 banning the supply of missile technology, heavy weaponry, and luxury goods. These measures were tightened over time as a consequence of the DPRK’s subsequent nuclear tests. Other bans were also introduced: for instance, Resolution 2371 imposed a total ban on coal, iron, and seafood, while Resolution 2397 banned exports of metal and agricultural resources, and further restricted oil imports.
The United States has also been imposing unilateral sanctions on North Korea ever since the regime’s attempt at nuclear proliferation was deemed a national emergency in 2008. Measures include a ban on transactions involving arms trade, support to Pyongyang’s military and governments, luxury goods, and economic engagements such as investments, imports, or exports with the DPRK.
Furthermore, as US allies, Australia, South Korea, Japan, and the European Union have taken measures beyond the scope of the UNSC’s resolutions. Though each government imposed their own set of sanctions, collectively they have been targeting trade, investments, export of luxury goods and oil, maritime activities, remittances, and the movement of individuals.
The effectiveness of these sanctions, however, is disputed: on the one hand, they are “indisputably hurting the North Korean economy”, leading to considerable trade losses despite evasion tactics. Nevertheless, sanctions have not yet been successful in getting Pyongyang to back down from its nuclear programme, as progress in missile technology shows that the government can still manage to acquire the necessary means and knowledge.
North Korean Use of Cybercrime
Faced with stringent economic sanctions, North Korea has turned to a variety of illicit activities to sustain its economy and, more specifically, its nuclear programme. While counterfeit cigarettes and currencies, as well as the production and trafficking of methamphetamines, once dominated the country’s revenue streams, Pyongyang has, in recent years, shifted to cybercrime. In fact, this borderless and lucrative form of crime has allowed the DPRK to bypass sanctions and generate the funds necessary for the development of its nuclear arsenal.
Central to these activities are threat groups such as APT38 and the Lazarus Group. Operating under the Reconnaissance General Bureau, the country’s clandestine security apparatus, these cyber forces are trained and backed by the government with the objective of collecting intelligence and generating illicit revenue.
Cyber Theft
Reportedly, the DPRK turned to cyber theft for the first time in 2015, initially programming ATMs into dispensing cash to be collected by mules at scheduled times. However, the regime also orchestrated bank heists: in 2016, the Lazarus Group stole $81 million from the Central Bank of Bangladesh’s New York Federal Reserve account by sending fraudulent requests through the SWIFT system.
Since then, activities have evolved into investment schemes, theft of digital currency from cryptocurrency exchanges, and ransomware attacks. Notably, the 2017 WannaCry virus infected thousands of systems across 150 countries and demanded ransom money to unlock data, marking one of the first North Korean attempts at generating revenue through cybercrime.
Cryptocurrency theft, however, has proven to be especially lucrative because of a lack of centralised security: by using mixers, for example, hackers can blend their money with that of other users. Consequently, cybercriminals can, for the price of a small fee, launder their stolen deposits and get back clean, utilisable funds. The efficacy of mixers is proven by the fact that, in 2022, 30% of the money they laundered came exclusively from North Korean actors, positioning them as one of the largest users in the world.
Having moved almost all of its operations to this domain by now, the DPRK is estimated to have stolen around $2.5 billion in cryptocurrency in only three years, between 2020 and 2022. Even before this surge, in 2019, the UN Panel of Experts had already accounted for a North Korean war chest worth at least $670 million created through cyber theft, and $2 billion specifically raised for Pyongyang’s different weapons programmes.
According to the Panel’s 2024 Report to the UN Security Council, these cyberattacks now make up half of North Korea’s foreign currency income, much of which is invested directly into the country’s weapons development. More specifically, the Report says around 40% of Pyongyang’s nuclear programme is now estimated to be funded by malicious cyber activities.
Cyber Espionage
Another prong of North Korea’s exploitation of cyber capabilities for the development of its nuclear programme concerns cyber espionage. A central actor in this field is the hacker group Advanced Persistent Threat 45, known as APT45 or Andariel, which is believed to be tied to the Reconnaissance General Bureau and “one of North Korea’s longest running cyber operators”. Andariel has not been acting alone, as other well-known actors, such as the Lazarus Group, have gotten involved in a number of cyber espionage operations. However, APT45 reportedly has at its disposal “a library of malware tools which are relatively distinct from other North Korean activity clusters.”
The group has apparently been operating since 2009, changing its targets in accordance with Pyongyang’s evolving interests over time. Over the last decade, in particular, Pyongyang’s cyber activities have been targeting other countries’ critical nuclear infrastructures and stealing sensitive data.
For instance, in 2014, in a hack of at least two reactors of Korea Hydro & Nuclear Power (KHNP), Pyongyang stole information regarding “designs and manuals […], electricity flow charts and estimates of radiation exposure among local residents.” Furthermore, India’s largest nuclear facility, Kudankulam Nuclear Power Plant (KNPP), was the victim of a malware attack in 2019 carried out by the Lazarus Group, likely in association with APT45. The cyberattack, which is believed to have lasted over six months without being detected, managed to gather information from the power plant’s administrative network. In 2022, another North Korean group, Kimsuky, also known as APT43, breached the internal network of Korea Atomic Energy Research Institute (KAERI), the only nuclear research institute in South Korea. Moreover, at the end of 2023, APT45 reportedly stole critical intelligence on anti-aircraft systems by targeting South Korean defence companies. According to South Korean security services, Andariel, Kimsuky, and the Lazarus Group have collectively infiltrated over 80 defence companies in the country just between October 2022 and July 2023.
Over time, APT45 has stolen information regarding an array of technologies and weapons, such as tanks, submarines, torpedoes, combat ships, drones, fighter aircraft, satellite communication and missile defence systems. In particular, the group has collected nuclear-related intelligence regarding nuclear power plants, uranium processing and enrichment, as well as blueprints of missile designs. Consequently, it has been assumed that the recent development of Pyongyang’s nuclear and missile technologies, for instance the launch of the new Pulhwasal-3-31 cruise missile and of the Hwasong-18 ICBM, has been drawing gains precisely from the stolen data.
Conclusion
Despite international efforts involving diplomatic talks, bilateral agreements, and economic sanctions, North Korea has shown no real interest in denuclearisation and has instead continued testing new technologies. To achieve its goal of containing “the constant threat of the enemies with overwhelming force”, Pyongyang found in cybercrime a way to circumvent the sanctions it has had to face, and to develop its nuclear arsenal despite international isolation.
In fact, by conducting bank heists, spreading malware, and stealing cryptocurrency, North Korea has managed to become “the only country observed pursuing wealth generation via illegal cyber means.” Therefore, the DPRK has not only pioneered a new illicit way of generating revenue, but it has also succeeded in funding almost half of its nuclear programme through these activities. Pyongyang’s “magic weapon,” however, does not only provide it with the financial means necessary for the development of its nuclear arsenal, but also with useful missile blueprints and nuclear-related technical intelligence.
With an army made up of thousands of highly trained cyberwarriors, the regime’s crimes in the digital world can generate revenue and transcend borders, all while being hard to trace, and therefore carrying minimal risk of attribution and repercussions. Being considered “one of the top four cyber threats in the world,” North Korea now poses a challenge both with its developing real-world nuclear arsenal and in the digital domain, exposing the need for a new generation of responses and countermeasures from the international community.
Bibliography
Antoniuk, D. (2024, April 23). Familiar North Korean groups cited in cyberattacks against South Korean defense firms. Cyber Security News | The Record. https://therecord.media/south-korean-defense-companies-cyber-espionage-north-korea
Arntz, P. (2021, June 20). Atomic Research Institute breached via VPN vulnerability. Malwarebytes. https://www.malwarebytes.com/blog/news/2021/06/atomic-research-institute-breached-via-vpn-vulnerability
BBC. (2021, June 20). The Lazarus heist: How North Korea almost pulled off a billion-dollar hack. BBC News. https://www.bbc.com/news/stories-57520169
The Chosun Daily. (2013, May 11). N.Korea Boosting Cyber Warfare Capabilities. https://www.chosun.com/english/north-korea-en/
Das, D. (2019, November 4). An Indian nuclear power plant suffered a cyberattack. Here’s what you need to know. The Washington Post. https://www.washingtonpost.com/politics/2019/11/04/an-indian-nuclear-power-plant-suffered-cyberattack-heres-what-you-need-know/
Greig, J. (2024, July 25). North Korean hacking group targeted weapons blueprints, nuclear facilities in Cyber Campaigns. Cyber Security News | The Record. https://therecord.media/north-korea-andariel-apt45-weapons-systems-nuclear-facilities
Horschig, D. (2024, July 31). How are cyberattacks fueling North Korea’s nuclear ambitions? CSIS. https://www.csis.org/analysis/how-are-cyberattacks-fueling-north-koreas-nuclear-ambitions
Joint Declaration of the Denuclearization of the Korean …, 20 Jan. 1992, https://peacemaker.un.org/sites/default/files/document/files/2024/05/kr20kp920120jointdeclarationdenuclearizationkoreanpeninsula.pdf.
Katzeff Silberstein, Benjamin. “The Complicated Truth about Sanctions on North Korea.” East Asia Forum, 5 July 2023, https://eastasiaforum.org/2023/07/05/the-complicated-truth-about-sanctions-on-north-korea/.
Klingner, B. (2023). North Korea’s Cybercrimes Pay for Weapons Programs and Undermine Sanctions. BACKGROUNDER – the Heritage Foundation, (3790). https://www.heritage.org/sites/default/files/2023-09/BG3790.pdf
Long, T., Johnson, J., Revelli, A., Barnhart, M., & Plan, F. (2024, July 25). APT45: North Korea’s Digital Military Machine | Google Cloud Blog. Google. https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine
Maj Gen PK Mallick. (2019). Cyber Attack on Kudankulam Nuclear Power Plant – A Wake Up Call. Vivekananda International Foundation. https://www.vifindia.org/sites/default/files/cyber-attack-on-kudankulam-nuclear-power-plant.pdf
McCurry, J. (2014, December 23). South Korean nuclear operator hacked amid cyber-attack fears. The Guardian. https://www.theguardian.com/world/2014/dec/22/south-korea-nuclear-power-cyber-attack-hack
“N. Korea Demolishes Nuclear Test Site as Journalists Watch.” AP News, AP News, 29 Apr. 2021, https://apnews.com/article/b3d007a341db451abc74d45279f0d5c7.
North Korea and the NPT, NUCLEAR ENERGY, NONPROLIFERATION, AND DISARMAMENT, https://www.ipinst.org/wp-content/uploads/2010/04/pdfs_koreachapt2.pdf. Accessed 15 Nov. 2024.
“North Korea Nuclear Overview.” The Nuclear Threat Initiative, 15 Oct. 2021, https://www.nti.org/analysis/articles/north-korea-nuclear/.
“NORTH KOREA SANCTIONS PROGRAM.” Office of Foreign Assets Control, Department of the Treasury, 2 Nov. 2016, https://ofac.treasury.gov/media/9221/download?inline.
O’Neill, A. (2022). Cybercriminal Statecraft: North Korean Hackers’ Ties to the Global Underground. Harvard Kennedy School Belfer Center for Science and International Affairs. https://www.belfercenter.org/sites/default/files/files/publication/Cybercriminal%20Statecraft%20-%20Alex%20O%27Neill.pdf
O’Neill, A. (2024, March 26). Upholding North Korea sanctions in the age of decentralised finance. Royal United Services Institute. https://www.rusi.org/explore-our-research/publications/occasional-papers/upholding-north-korea-sanctions-age-decentralised-finance
Panda, A. “Exclusive: Revealing Kangson, North Korea’s First Covert Uranium Enrichment Site.” The Diplomat, July 2018, https://thediplomat.com/2018/07/exclusive-revealing-kangson-north-koreas-first-covert-uranium-enrichment-site/.
Reddick, J. (2023, December 6). North Korean hackers stole anti-aircraft system data from South Korean firm. Cyber Security News | The Record. https://therecord.media/north-korea-hackers-stole-anti-aircraft-system-data
Rich, T. S. (2012). Deciphering North Korea’s nuclear rhetoric: An automated content analysis of KCNA News. Asian Affairs: An American Review, 39(2), 73–89. https://doi.org/10.1080/00927678.2012.678128
Russel, D. R. (2019). FUTURE SCENARIOS: WHAT TO EXPECT FROM A NUCLEAR NORTH KOREA. Asia Society Policy Institute. https://www.jstor.org/stable/resrep48602
S/2019/691 (2019). https://documents.un.org/doc/undoc/gen/n19/243/73/pdf/n1924373.pdf?token=rWjZULV8zRt2KcFV EY&fe=true
S/2024/215 (2024), https://documents.un.org/doc/undoc/gen/n24/032/68/pdf/n2403268.pdf
Sekhar, – Metla Sudha, Khanchandani, – Dr. Anu, Penny, – Nigel, Agrawal, – CA Raj K, Mukeri, – Zafer, Saraf, – Anirudh, Raja, – CA, & Somani, – Shraddha. (2020, November 25). Breach at Kudankulam nuclear plant may have gone undetected for over six months: Group-IB. The Economic Times. https://economictimes.indiatimes.com/news/politics-and-nation/breach-at-kudankulam-nuclear-plantmay-have-gone-undetected-for-over-six-months-group-ib/articleshow/79412969.cms?from=mdr
S/RES/1718 (2006), https://documents.un.org/doc/undoc/gen/n06/572/07/pdf/n0657207.pdf.
S/RES/2371 (2017), https://documents.un.org/doc/undoc/gen/n17/246/68/pdf/n1724668.pdf.
S/RES/2397 (2017), https://documents.un.org/doc/undoc/gen/n17/463/60/pdf/n1746360.pdf.
“What to Know about Sanctions on North Korea.” Council on Foreign Relations, Council on Foreign Relations, 27 July 2022, www.cfr.org/backgrounder/north-korea-sanctions-un-nuclear-weapons.
Why does North Korea want nukes?. The Heritage Foundation. (n.d.). https://www.heritage.org/insider/summer-2018-insider/why-does-north-korea-want-nukes