By Joseph Choi, former HRNK Research Intern
Edited by Raymond Ha, HRNK Director of Operations and Research
May 23, 2023
In 2016, the International Mathematical Olympiad, the world’s premier high school mathematics championship, was held at the Hong Kong University of Science and Technology. On the night he was supposed to return to North Korea with the rest of his team, 18-year-old Ri Jong-yol, a teenage math genius from North Korea, defected just after winning silver for the third year in a row.
North Korea, one of the most repressive countries in the world, harbors some of the world’s most elite hackers. This may be shocking to some, since North Korea may appear to be lacking in terms of its economy, technology, and education. In fact, the North Korean regime relies on its apparatus of coercion, control, surveillance, and punishment to exploit the best and brightest minds in the country.
North Korean hackers have gained an infamous reputation over the last few years, especially with the number of hacking attacks that have specifically targeted cryptocurrency. While most observers only view North Korean hackers as weapons of a totalitarian state, these hackers are also victims of the North Korean regime’s policy of human rights denial.
The Selection Process
In 1996, Kim Jong-il allegedly told a group of frontline troops that “all wars in the future will be computer wars.”
According to defectors and South Korean officials, North Korea cultivates its elite hackers the same way other countries train future Olympic athletes. Math and science are heavily emphasized in elementary schools. Students who show promise in these fields are then given access to computers. Students as young as eleven years old who show promise are then forced through a series of special programming schools, where they are taught hacking skills and how to develop computer viruses.
The North Korean regime continues to invest in exceptional students to develop them into cyber soldiers. The top students at these specialized schools are allowed to travel abroad to compete in mathematical contests, just like Ri Jong-yol. In 2015, North Korean teams ranked first, second, and third, out of more than 7,600 teams worldwide in a global competition called CodeChef, which was held by an Indian software company. Three out of the top fifteen coders in CodeChef’s network of roughly 100,000 participants are North Korean. Students also go through intense preparation for annual “hackathon” competitions in Pyongyang. Teams of students are holed up learning how to solve hacking problems under severe time constraints. A North Korean defector familiar with the country’s cyber training said: “For 6 months, day and night, we prepared only for this contest.”
After going through specialized schools and competing at multiple competitions, top students then go on to attend some of the best universities in North Korea—including Kim Il Sung University, Kim Chaek University of Technology, Moranbong University, and Mirim University—to further develop their hacking skills. Students at Kim Il-sung University and Kim Chaek University of Technology often outperform their American and Chinese counterparts in the International Collegiate Programming Contest, which is considered the most competitive collegiate competition for programming and computing. During the 2019 International Collegiate Programming Contest, Kim Chaek University of Technology placed 8th, ahead of Oxford, Cambridge, Harvard, and Stanford.
The North Korean regime exploits talented students for its own objectives, not for the benefit of the country as a whole. Students are identified and scouted as early as elementary school. Students who show great promise in math and science are forced to undergo years of intense training with no opportunity to pursue their own interests. They are directed to fields that serve the regime’s objectives, such as hacking and weapons development. Additionally, students who are proficient in coding and programming are also trained as IT workers to earn foreign currency for the regime. U.S. officials warned companies from inadvertently hiring IT staff from North Korea because they were taking advantage of remote work opportunities to funnel money into Pyongyang, which then used the funds for its nuclear and ballistic missile programs.
These talented and hard-working students could use their skills to improve the lives of their fellow citizens by focusing on sectors such as technology, infrastructure, and engineering, but they are not given the opportunities to do so. The Kim regime sees the North Korean people as means to an end, not as unique individuals with dreams and aspirations.
Soldiers for the Regime
According to the testimony of a South Korean intelligence chief, Kim Jong-un reportedly declared that, “Cyberwarfare, along with nuclear weapons and missiles, is an ‘all-purpose sword’ that guarantees our military’s capability to strike relentlessly.”
Cyber operations have become central components of North Korea’s asymmetric military strategy, peacetime provocations, and illicit activities. According to South Korea’s 2020 Defense White Paper, North Korea operates a 6,800-strong unit of cyber-warfare specialists and is investing in research and development to enhance its cyber capabilities.
This unit, which works under the Reconnaissance General Bureau (RGB), is thought to be split up into three groups. The A team, often called “Lazarus,” attacks foreign entities and is associated with North Korea’s most notorious feats, such as the 2014 Sony and WannaCry attacks. The B team traditionally focuses on South Korea and sweeps for military or infrastructure secrets, while the C team does lower-skilled work, such as targeted email attacks.
In the past decade alone, North Korea has perpetrated numerous large-scale cyberattacks around the world. These attacks are not isolated to one sector, but are aimed at governments, private companies, financial institutions, and individuals.
In 2014, North Korea launched a massive cyberattack on Sony Pictures for planning to release The Interview, a comedy about the assassination of Kim Jong-un. The attackers, calling themselves the “Guardians of Peace,” stole huge amounts of information from Sony’s network, leaked the information to journalists, and then threatened to commit acts of terrorism against movie theaters. Sony Pictures canceled the release of its film after the attack, but it later reversed its decision and released the film in select theaters and online. American officials concluded that North Korea was “centrally involved” in the hacking of Sony Pictures. Intelligence officials also concluded that the cyberattack was state-sponsored and far more destructive than any other seen on American soil.
In February 2016, North Korea launched another state-sponsored cyberattack. This time, it targeted financial institutions across the world. The Lazarus Group attempted to steal at least $1 billion from the Bangladesh Bank and managed to steal $81 million. North Korean hackers compromised the bank’s computer network through spear-phishing emails sent to bank employees. They were then able to access the bank’s computer terminals that interfaced with SWIFT (Society for Worldwide Interbank Financial Telecommunications).
In December 2017, the U.S. and UK governments accused North Korea of the WannaCry malware attack that affected hospitals, businesses, and banks across the world. The attack was launched in May 2017 and is said to have hit more than 300,000 computers and caused billions of dollars in damage.
Although the North Korean regime has denied involvement in all of these cyberattacks, there is strong evidence to the contrary. These attacks are state-sponsored attacks that cause immense damage and strengthen the RGB for future attacks. These attacks do not benefit the people of North Korea, from the hackers to the citizens in the “hostile class."
The Rise in Cryptocurrency Attacks
North Korea has also capitalized on the rise of cryptocurrency by stealing hundreds of millions of dollars in the last few years. The lack of oversight and regulations on cryptocurrency has made it a prime target for the North Korean regime. Experts say that North Korea uses stolen digital currencies to fund its nuclear weapons and missile programs. According to a report by the UN Panel of Experts on sanctions against North Korea, North Korea stole more than $300 million worth of virtual assets between 2019 and 2020. In April 2023, Google’s cybersecurity unit, Mandiant, reported that over the past five years, a North Korean hacking group known as Kimsuky hacked cryptocurrency to financially support North Korea’s espionage operations related to its nuclear program. Kimsuky was able to launder the stolen crypto funds through cloud-mining services, disrupting the trail of the funds. The laundered funds were then used to collect information about nuclear weapons by sending spear-phishing emails to policymakers or researchers in South Korea and the United States.
In 2021, the U.S. Department of Justice released an indictment against three North Korean hackers, charging them for their alleged roles in a scheme that included attempts to steal and extort more than $1.3 billion of money and cryptocurrency from financial institutions and companies. Assistant Attorney General John C. Demers of the Justice Department’s National Security Division stated, “North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers.” Acting U.S. Attorney Tracy L. Wilkerson for the Central Division of California said, “The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at nothing to extract revenge and obtain money to prop up its regime.” The indictment alleged that Jon Chang-hyok, Kim Il, and Park Jin-hyok were members of the RGB.
The North Korean regime has exploited some of its youngest and brightest minds for its own benefit, rather than enabling them to pursue their own aspirations. Students as young as eleven years old are forced onto a path that they cannot stray from. They are forced to train for years to hone their cyber capabilities to further the regime’s objectives. Rather than giving these extremely intelligent individuals the freedom to pursue other goals that would further the country’s development, they are forced into a restrictive and dangerous lifestyle.
The North Korean regime has benefitted immensely from its hackers, who have successfully launched massive attacks against a wide range of targets. The regime has stolen hundreds of millions of dollars through these attacks to directly fund its military, its nuclear and missile programs, and luxury goods for the core elite. Although these North Korean hackers live a better lifestyle than most, they still live in a repressive, oppressive, and inhumane society. The North Korean regime gives just enough to their hackers so they will not step out of line. If they do, they will be marked as traitors and most likely be thrown into the regime’s network of detention facilities.
If life were so good for these hackers, we would not have seen 18-year-old Ri Jong-yol escape from the regime. They have no choice but to become soldiers of the regime. Although they are weapons of the regime, they are also its victims.
Joseph Choi is a rising senior at Boston University pursuing a Bachelor's Degree in International Relations, with a regional concentration in Europe and a functional concentration in Foreign Policy and Security Studies.
 Bruce Harrison, “How North Korea Recruits Its Army of Young Hackers,” NBC News, December 8, 2017. https://www.nbcnews.com/news/north-korea/how-north-korea-recruits-trains-its-army-hackers-n825521.
 Timothy W. Martin, “How North Korea’s Hackers Became Dangerously Good,” The Wall Street Journal, April 19, 2018. https://www.wsj.com/articles/how-north-koreas-hackers-became-dangerously-good-1524150416.
 Harrison, “How North Korea Recruits Its Army of Young Hackers.”
 Martin, “How North Korea’s Hackers Become Dangerously Good.”
 Harrison, “How North Korea Recruits Its Army of Young Hackers.”
 Ed Caesar, “The Incredible Rise of North Korea’s Hacking Army,” The New Yorker, April 19, 2021, https://www.newyorker.com/magazine/2021/04/26/the-incredible-rise-of-north-koreas-hacking-army.
 “U.S. Warns against Inadvertently Hiring North Korean IT Workers,” Reuters, May 17, 2022. https://www.reuters.com/world/asia-pacific/us-warns-against-inadvertently-hiring-north-korean-it-workers-2022-05-16/.
 David E. Sanger, David D. Kirkpatrick, and Nicole Perlroth, “The World Once Laughed at North Korean Cyberpower. No More.,” The New York Times, October 15, 2017. https://www.nytimes.com/2017/10/15/world/asia/north-korea-hacking-cyber-sony.html.
 Mathew Ha and David Maxwell, “Kim Jong Un’s ‘All-Purpose Sword,’” Foundation for Defense of Democracies, October 3, 2018. https://www.fdd.org/analysis/2018/10/03/kim-jong-uns-all-purpose-sword/#easy-footnote-bottom-19-69181.
 “2020 Defense White Paper,” December 31, 2020, https://mnd.go.kr/user/mndEN/upload/pblictn/PBLICTNEBOOK_202301171100181360.pdf.
 Martin, “How North Korea’s Hackers Become Dangerously Good.”
 Emily St. James and Timothy B. Lee, “The 2014 Sony Hacks, Explained,” Vox, January 20, 2015. https://www.vox.com/2015/1/20/18089084/sony-hack-north-korea.
 David E. Sanger and Nicole Perlroth, “U.S. Said to Find North Korea Ordered Cyberattack on Sony,” The New York Times, December 17, 2014, https://www.nytimes.com/2014/12/18/world/asia/us-links-north-korea-to-sony-hacking.html.
 Jim O’Grady and Kenny Malone, “A SWIFT Getaway : Planet Money,” NPR, February 9, 2022, https://www.npr.org/2022/02/09/1079528331/a-swift-getaway.
 Sanger and Perlroth, “U.S. Said to Find North Korea Ordered Cyberattack on Sony.”
 “Cyber-Attack: US and UK Blame North Korea for WannaCry,” BBC News, December 19, 2017. https://www.bbc.com/news/world-us-canada-42407488.
 Christy Lee, “North Korea Turns to Crypto Theft to Fund Weapons Programs,” Voice of America, February 23, 2022, https://www.voanews.com/a/north-korea-turns-to-crypto-theft-to-fund-weapons-programs/6455347.html.
 Kim Boram, “N. Korean Hacking Group Kimsuky Funds Pyongyang’s Espionage Operations through Cybercrimes,” Yonhap News, April 4, 2023, https://en.yna.co.kr/view/AEN20230404005700320?section=nk/nk.
 U.S. Department of Justice, “Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes across the Globe,” February 17, 2021. https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and.
HRNK staff members and interns wish to dedicate this program to our colleagues Katty Chi and Miran Song.