During the India-Japan Annual Summit in October 2018, Japan’s then- Prime Minister Abe Shinzo and India’s Prime Minister Narendra Modi underscored two vital areas of concern related to North Korea in their Vision Statement. One was Pyongyang’s nuclear proliferation linkages. The other, the Japanese abductions issue.
Perhaps, in the forthcoming meetings between newly sworn-in Japanese Prime Minister, Yoshihide Suga and Prime Minister Modi, an additional and very critical area of emerging concern will be added to the list. This concern, also emanating from North Korea, is most likely to bear catastrophic implications for both Tokyo and New Delhi if not highlighted and addressed.
The concern is the fast-growing and spreading North Korean cyber threat and operations with linkages extending to Nepal in South Asia, as recent reports have brought out.
The Lazarus Group
The presence of North-Korean hackers and a widened network of Chinese intelligence present in Nepal, and the collusion between the two, has transformed Nepal into a regional base for operations in South Asia by the State Security Bureau of China, and for cyber and money laundering operations by North Korea.
North Korea’s cyber army has reportedly been coordinating with the North Korean Directorate General of Military Intelligence, and is locally referred to as the Lazarus Group or Hidden Cobra.
The Lazarus Group launched mass-scale ‘phishing’ attacks through fake emails designed as COVID-19 relief efforts in order to target countries including the U.S., U.K., Japan, Singapore and India. Notably, the governments of all these countries have injected a substantial fiscal stimulus into their respective economies in order to aid domestic businesses and deal with the COVID-19 pandemic that spread throughout the world via the city of Wuhan in China.
Apparently suspected of having deeper linkages with China’s intelligence setup, North Korean hackers operating in cyber espionage target banking and financial systems across the world and steal critical technologies. The September 23, 2020 report mentioned above cited hacking attempts by means of injecting special computer programs like Icebug, Hidden Lynx, and APT-12 into systems.
Foreign Political Interference in Nepal
In December 2019, the Nepalese police had detained 122 Chinese men and women in its biggest crackdown on cybercrime and hacking into bank cash machines. Besides, local Nepalese media has reported that North Korean nationals were nabbed in November 2019 while working illegally in Kathmandu, Nepal’s capital city.
North Korea remains China’s most vital and proactive client state. And, it is well known that China’s recent involvement in Nepal’s domestic politics ensures that KP Oli continues as its Prime Minister, especially when Oli’s political opponents were convinced of their decision to oust him.
It was during this time that Chinese ambassador to Nepal, Hou Yanqi, canvassed her connections across Nepal’s political parties. Most significantly, it was none less than Chinese President, Xi Jinping, who reportedly interceded with an almost hour-long telephone conversation with Nepalese President, Bidhya Devi Bhandari. Jointly, Xi and Hou managed a fresh lease on the political life of Oli as prime minister.
This brings to light the role and influence of China’s United Front Works Department (UFWD), which is tasked to run China’s psychological and information operations with tentacles that are spread deep and wide abroad.
Role of the United Front Works Department
The UFWD’s primary objective remains expanding the support base and agenda of the Communist Party of China through its domestic and international wing. China’s foreign policymaking structure has UFWD at its core. And it is used as an entity that wields unprecedented control and authority aimed at influencing countries with the Chinese way of thinking and strategy.
When observed closely, the recent posting of all Chinese diplomats in South Asia find their origins in the UFWD. Hou Yanqi’s posting to Nepal, mentioned above, remains a conclusive case in point.
String of Reports Point to North Korea’s Illicit Activities
In a key April 2020 report issued jointly by the U.S. State Department, the Department of Homeland Security, the Treasury Department and the Federal Bureau of Investigation, Washington accused North Korea of employing an array of old and new forms of cyberattacks to steal and launder money, extort companies and use digital currencies to “generate revenue for its weapons of mass destruction and ballistic missile programs.”
This report only further corroborated the findings of an earlier August 2019 United Nations (UN) study. That study stated North Korea had generated an estimated $2 billion USD for its weapons of mass destruction programs using “widespread and increasingly sophisticated cyberattacks” to steal from banks and cryptocurrency exchanges.
Finding itself crippled under rigorous economic sanctions, the Kim Jong Un regime will continue to pursue its illegal activities in the cyber domain. These activities fund its foreign policy agenda while ensuring the survival of the Kim regime, politically and monetarily. The cyberattacks’ strategy also enables Kim Jong Un and his family to maintain strict domestic control.
Addressing the Asymmetric Threat
It is the need of the hour for nations including the U.S., Japan, India, and their partners to jointly address the cyber espionage and operations threat emanating from North Korea. This threat is assuming the shape of nothing less than an armed conflict without lethal weapons, highlighting the role of cyber capabilities in asymmetric military strategies of nations in the 21st century.
Washington, Tokyo, and New Delhi should collaborate to track and protect national security network-dependent assets, including early warning systems, against cyberattacks.
The espionage activities of North Korea, and its patron, China, in the cyber domain remain a sore reminder of the efficacy of international sanctions that are being successfully bypassed.
Author: Dr. Monika Chansoria
Dr. Monika Chansoria is a senior fellow at The Japan Institute of International Affairs in Tokyo and the author of five books on Asian security. The views expressed here are those of the author and do not necessarily reflect the policy or position of The Japan Institute of International Affairs or any other organization with which the author is affiliated.