In this interview, Jean Lee, Public Policy Fellow at the Wilson Center, discusses North Korea’s cyber-attacks and how they finance Pyongyang’s missile developments despite the international sanctions against the regime. Ms. Lee notes that Kim Jong-un, early on in his rule, has overseen the cultivation of “cyber warriors,” who have stolen more than two billion dollars in cyber theft over the last few years. As cyberattacks are difficult to trace and attribute, Pyongyang’s investment in cyber has become a successful means of circumventing sanctions. Ms. Lee underscores the importance of ROK-U.S. cooperation in accelerating momentum for a technology alliance centered on cybersecurity. She especially highlights Seoul’s role, provided that it has a depth of experience in responding to North Korea’s cyber-attacks and is at the forefront of cryptocurrency technology. Moving forward, she advises the Yoon administration to increase enforcement and regulation in cryptocurrency at the intersection between policy and technology.




I. The Background Behind North Korea’s Cybersecurity Attacks


• As part of her research, Ms. Jean Lee looks into “how North Korea produces hackers when most of the people are disconnected from the internet.”


• Ms. Lee states that “Kim Jong-un has managed to add to his formidable weapons program,” notwithstanding “very little export and import for a country that relies on the outside world for fuel, food, and other basic necessities.”


• During her reporting trips to North Korea from 2008 to 2017, which she refers to as the “succession period” from the Kim Jong-il to Kim Jong-un regime, Ms. Lee notes that “the propaganda campaigns were centered on science and technology.” Under this campaign, Kim Jong-un “invested in an elite group of students to become computer-savvy” and “has overseen the cultivation of a core group of what we call “cyber warriors.”


• She claims that this was a way for Pyongyang to engage in illicit money-making; that is, to “find a new, modern way to get around the sanctions and make money.”


II. The Scale of North Korea’s Cybersecurity Attacks


• Ms. Lee states that “North Korea’s investment in cyber, as a form of money-making, is something that has been very successful for them in circumventing sanctions.” She evaluates that “North Koreans are constantly one step ahead.”


• Ms. Lee emphasizes that Pyongyang’s cyber-attacks largely remained under the surface because “we underestimate them.” Nonetheless, according to a confidential United Nations report in 2019, North Korea has managed to “steal more than two billion dollars in cyber theft” over 35 instances across 17 countries. This “doesn’t include the reported theft of more than 600 million dollars in cryptocurrency from a popular video game.”


• Pyongyang’s attacks have “reached a level of awareness among the South Korean public as well,” following the arrest of two South Koreans suspected of “spying for North Korea,” “paid with the digital currency of Bitcoin.”


• Although North Korean hackers seem distant from our everyday lives, they in fact, “target us in our everyday lives, every single day.” To illustrate, “our lives are so much online, especially in South Korea.” North Korean hackers can easily take advantage of how South Koreans can be “held hostage” in the online space.


• Not to mention, “the number of cyber-attacks from suspected North Korean hackers is over a million a day” in South Korea.


III. The Implications of North Korea’s Cybersecurity Attacks on the Sanctions Regime


• Ms. Lee underscores the importance of incorporating cyber in Washington’s policy circles, provided that it is an integral part of policy research “when it comes to sanctions.” As “sanctions and borders don’t matter in the world of cyberspace,” “North Korea is relying more heavily on cyber theft.”


• While she notes that “cyber is notoriously difficult to trace and very difficult to attribute,” “the North Koreans are leaving some tell-tale signs.” She claims that they are a “bit clumsy” because “they haven’t grown up in the internet the way we have.” Likewise, “there are slight variations in the spelling and vocabulary and some of those come up in the malicious codes that the North Koreans are using.”


• She suggests that sanctions regimes should “target those overseas networks;” that is, “young men were dispatched on legitimate visas to carry out IT work,” which the FBI believes to be “hacking.” Clamping down on overseas networks would “stem the flow of currency back to North Korea but also really make it very difficult for the North Koreans to operate overseas.”


• Ms. Lee posits that North Korea faces the challenge of “turning digital currency into fiat currency,” now that they’ve been investing in cryptocurrency.


IV. Prospects for ROK-U.S. Cooperation on Technology and Cyber


• While President Moon and Biden vowed on their summit last year “to create a working group on cyber,” “there hasn’t been much progress.”


• The recent summit between President Yoon and Biden was focused on “restoring alliances and reassuring allies in Asia.”


• As “South Korea has been a target of cyber-attacks from North Korea for such a long time,” Ms. Lee underscores that Seoul has “a depth of experience, and has a lot of experience to share.” It has been utilized by Pyongyang’s hackers as “a practice ground,” which is attested by the fact that “everything that we were seeing in South Korea, we’ve seen them try out elsewhere.”


• In this regard, Ms. Lee notes that “this is an area where South Korea can really take a lead,” especially provided that “South Korea is regarded by the rest of the world as being at the forefront of technology.”


V. Steps Forward for the Yoon Administration


• Ms. Lee assesses that North Korean hackers are taking advantage of the vulnerability that stems from “a lack of regulation both on the national level and internationally.” She advises that there should be “protection and information-sharing,” should the Yoon administration “embrace digital currency going forward.”


• If “South Korea is at the forefront in terms of embracing cryptocurrency,” Ms. Lee stresses that it should also be “on the forefront in enforcement and regulation.”


• She highlights the necessity of “marrying the understanding of technology with an understanding of the psychology, the policy.” Governments should “treat it like a policy issue rather than just a tech issue.”


• Ms. Lee adds that we cannot compete with the motivation Kim Jong-un has in training cyber warriors. That is to say, “they have more motivation and pressure than any of our cybersecurity experts could ever have.” To counter this, she proposes that “the South Korean government needs to invest in their cybersecurity experts and treat them like cyber warriors as well.” ■


※ Please cite accordingly when referencing this source.


VI. Biography


Jean H. Lee_ Public Policy Fellow at the Wilson Center. Lee is a veteran foreign correspondent and expert on North Korea. Lee led the Associated Press news agency’s coverage of the Korean Peninsula as bureau chief from 2008 to 2013. In 2011, she became the first American reporter granted extensive access on the ground in North Korea, and in January 2012 opened AP’s Pyongyang bureau, the only U.S. text/photo news bureau based in the North Korean capital. She has made dozens of extended reporting trips to North Korea, visiting farms, factories, schools, military academies and homes in the course of her exclusive reporting across the country. Lee served as a Wilson Center Public Policy Scholar and Global Fellow before joining the Asia Program as Korea Center program director. She is co-host of the Lazarus Heist podcast on the BBC World Service.



Typeset by Seung Yeon Lee, Research Associate
    For inquiries: 02 2277 1683 (ext. 205) |


Security and External Relations

Related Articles