Submit your essay to the AI-Cybersecurity Essay Prize Competition by January 2, 2025.
The AI-Cybersecurity Essay Prize Competition
Read more
Main Logo Expert commentary on tech and security

Emerging technologies will intensify the North Korean cyber threat

Abhishek Sharma 13 February 2024
Share On:
Artificial intelligence will expand North Korea’s cyber arsenal and the threat it poses
Main Top Image
Image created with the assistance of Midjourney

The World Economic Forum’s Global Risk Report 2024, released in January, puts cyber insecurity as the fourth most severe global risk, up from eighth in 2023.

North Korea is a major contributor to rising cyber insecurity. Its hackers stole $600 million in cryptocurrency in 2023, “almost a third of all funds stolen in crypto attacks last year”, according to a report by TRM Labs.

Evolving operations

North Korea emerged as a major cyber actor on the international scene in 2014 when it hacked multinational firm Sony Pictures. It was also the first time Washington openly attributed an attack to a foreign country.

Since then, Pyongyang has turned its hacking skill set towards evading international sanctions and stealing funds. It has exploited the fact that crypto is not well regulated. Elliptic, a crypto exchange monitoring organisation, said North Korean actors stole almost $900 million between July 2022 and July 2023.

A North Korean state-backed group, Lazarus, was behind one of the largest crypto thefts to date. They stole $625 million from the cryptocurrency network Ethereum, which is linked to a popular game called Axie Infinity. With these funds, Pyongyang has been able to finance the development of its nuclear and ballistic weapons programme.

North Korea is also using cyber operations for espionage, intelligence gathering, and information operations to steal critical military information. It targets academia, human rights organisations, and media companies; it creates discontent or mistrust through election fraud; and attacks critical national infrastructure, particularly in South Korea and the United States. The South Korean intelligence agency said that North Korea accounted for 80% of hacking attempts against South Korea in 2023, a figure that was up 36% from the previous year.

In 2016, North Korean hackers stole 235 gigabytes of classified military plans from South Korea’s Defense Integrated Data Centre. This allegedly also included a plan to assassinate senior officials and launch an air assault. Similarly, in 2023, South Korean shipbuilders faced multiple hacking attempts from North Korea, trying to steal information through spear phishing. Other attempts include attacks on Russian missile producers, aerospace and military companies, and an alleged effort to steal 1.2 terabytes of information, including data on laser weapons.

Hacking is critical in intelligence gathering for the regime’s survival, particularly to anticipate its adversaries’ planning and strategy. In August 2023, Kimsuky – a North Korea-based cyber group – attempted to attack a US-South Korea joint military exercise. The same group has also attempted to hack around 150 senior South Korean government officials from the diplomatic and security fields using malicious emails. In one case, hackers used a cloned digital identity for intelligence gathering, money laundering operations, and influence campaigns.

International response

The Biden administration has tried to regulate the virtual currency ecosystem to stop illicit cyber activity and enforce strict adherence to regulatory norms with detailed advisories. They have especially targeted virtual cryptocurrency mixers, which are service platforms that blend together different cryptocurrencies to obfuscate the original source of funds. Notable mixers, such as Tornado Cash, Blender.io, and Sindbad have faced sanctions. Tornado Cash, for example, was used to launder $455 million in cryptocurrency.

Last year, South Korea and the United States started working together to sanction, counter, and disrupt North Korea’s illicit cyber-domain activities, later joined by Japan with closer engagement with the private sector. Such measures have led to a $24.2 million reduction in the amount of money received by illegal cryptocurrency addresses. This is mainly the result of a drop in scamming cases because the US crackdown forced exchanges to implement stringent policies. 

Adapting to the restrictions

Amidst the hardening of regulations, North Korean hackers are searching for new ways to acquire funds. A 2024 report by the United Nations Office on Drug and Crime found that the North Korean Lazarus group is linked to Southeast Asian drug traffickers involved in “regional money laundering and underground banking networks” for cyber fraud operations.

This is not the first time North Korean cybercriminals have explored foreign avenues. Earlier attempts have involved collaboration with Russian and Chinese actors outside of state control, aiming to transfer funds to North Korea through financial or underground channels, such as the dark web. During a North Korean military parade last year, a tank was found to be equipped with an “automatic rocket interceptor system” that was allegedly obtained through cyber theft from either Chinese or Russian defence companies. This indicates that North Korea is willing to target even former ideological allies like Russia and China to obtain military technologies.

Emerging technology

Critical and emerging technologies like Artificial Intelligence (AI) will increase the impact and volume of North Korean cyberattacks.

North Korean hackers have limited resources, and AI tools, like Chat GPT, enhance their cyber capabilities and operations. Chat GPT, for example, can help with data exfiltration, web scraping, and identifying confidential data. It can also enhance English language skills for email phishing attacks. Digital tools such as voice cloning, deep fakes, image generators, and chatbots make fake profiles more realistic and more believable. AI models also help to identify vulnerabilities in codes and software.

US Deputy National Security Advisor Anne Neuberger has already acknowledged the risk of North Korean hackers exploiting AI and machine learning tools. She said, “We have observed some North Korean and other nation-state and criminal actors try to use AI models to help accelerate writing malicious software and finding systems to exploit.”

Earlier, the US Office of Foreign Assets Control, a financial and intelligence enforcement agency under the US Treasury Department, flagged the illicit activities undertaken by North Korean hackers and groups. Such attacks include the targeting of United States companies or IT freelancers. Hackers have been able to use AI tools like voice cloning and text converters to lure victims to run malware using compromised Korean websites that appear legitimate.

Emerging technologies enhance offensive operations, but they also help safeguard states’ essential infrastructure and strengthen defensive measures against malicious activities. According to Rob Joyce, the director of cybersecurity at the NSA, advancements in AI, machine learning, and deep learning have significantly improved our ability to detect and combat malicious behaviour. Countering cyber operations from hostile regimes will require a comprehensive approach that involves constant vigilance and collaboration with international partners, allies, and the private sector.

avatar
Abhishek Sharma

Related

Featured image
Hooked On Trends
Responsible tech business in conflict
Isabel Ebert / Timothy Charlton-Czaplicki 8 March 2024
Read more arrow
Featured image
Hooked On Trends
Russian space weakness may encourage satellite attacks
Elena Grossfeld 13 June 2024
Read more arrow
Featured image
Hooked On Trends
Germany’s leaky operational security causes embarrassment and strategic harm
Stephan Blancke 21 March 2024
Read more arrow

Terms and Conditions for the AI-Cybersecurity Essay Prize Competition

Introduction

The AI-Cybersecurity Essay Prize Competition (the “Competition”) is organized by the European Cyber Conflict Research Incubator (“ECCRI CIC”) in partnership with the Munich Security Conference (“MSC”). It is sponsored by Google (the “Sponsor”). By entering the Competition, participants agree to these Terms and Conditions (T&Cs).

Eligibility

The Competition is open to individuals worldwide who are experts in the fields of cybersecurity and artificial intelligence (“AI”). Participants must ensure that their participation complies with local laws and regulations.

Submission Guidelines

Essays must address the question: “How will Artificial Intelligence change cybersecurity, and what are the implications for Europe? Discuss potential strategies that policymakers can adopt to navigate these changes.”

Submissions must be original, unpublished works between 800-1200 words, excluding footnotes but including hyperlinks for references.

Essays must be submitted by 2 January 2025, 00:00 am CET., through the official submission portal provided by ECCRI CIC.

Only single-authored essays are accepted. Co-authored submissions will not be considered.

Participants are responsible for ensuring their submissions do not infringe upon the intellectual property rights of third parties.

Judging and Awards

Essays will be judged based on insightfulness, relevance, originality, clarity, and evidence by a review board comprising distinguished figures from academia, industry, and government.

The decision of the review board is final and binding in all matters related to the Competition.

Prizes are as follows: 1st Place: €10,000; Runner-Up: €5,000; 3rd Place: €2,500; 4th-5th Places: €1,000 each. The winner will also be invited to attend The Munich Security Conference

Intellectual Property Rights

The author retains ownership of the submitted essay.

By submitting the essay, the author grants ECCRI CIC exclusive, royalty-free rights to use, reproduce, publish, distribute, and display the essay for purposes related to the Competition, including but not limited to educational, promotional, and research-related activities.

The author represents, warrants, and agrees that no essay submitted as part of the essay prize competition violates or infringes upon the rights of any third party, including copyright, trademark, privacy, publicity, or other personal or proprietary rights, breaches, or conflicts with any obligation, such as a confidentiality obligation, or contains libellous, defamatory, or otherwise unlawful material.

The author agrees that the organizers can use your name (or your pseudonym) and an image of you in association with your essay for purposes of publicity, promotion and any other activity related to the exercise of its rights under these Terms.

The organizers may remove any essay-related content from its platforms at any time and without explanation.

The organizers may block contributions from particular email or IP addresses without notice or explanation.

The organizers may enable advertising on its platforms and associated social media accounts, including in connection with the display of your essay. The organizers may also use your Material to promote its products and services.

The organizers may, at its sole discretion, categorise Material, whether by means of ranking according to popularity or by any other criteria.

Data Protection

Personal information collected in connection with the Competition will be processed in accordance with Virtual Routes’ Privacy Policy. Participants agree to the collection, processing, and storage of their personal data for the purposes of the Competition.

Liability and Indemnity

ECCRI CIC, MSC, and the Sponsor will not be liable for any damages arising from participation in the Competition, except where prohibited by law.

Participants agree to indemnify ECCRI CIC, MSC, and the Sponsor against any claims, damages, or losses resulting from a breach of these T&Cs.

General Conditions

ECCRI CIC reserves the right to cancel, suspend, or modify the Competition or these T&Cs if fraud, technical failures, or any other factor beyond ECCRI CIC’s reasonable control impairs the integrity or proper functioning of the Competition, as determined by ECCRI CIC in its sole discretion.

Any attempt by any person to deliberately undermine the legitimate operation of the Competition may be a violation of criminal and civil law, and, should such an attempt be made, ECCRI CIC reserves the right to seek damages from any such person to the fullest extent permitted by law.

Governing Law

These Terms and Conditions are governed by the laws of the United Kingdom, without regard to its conflict of law principles. Any dispute arising out of or in connection with these Terms and Conditions, including any question regarding its existence, validity, or termination, shall be referred to and finally resolved by the courts of the United Kingdom. The participants agree to submit to the exclusive jurisdiction of the courts located in the United Kingdom for the resolution of all disputes arising from or related to these Terms and Conditions or the Competition.