A new alliance in cyberspace?
By Stan Vitek, Resident Geopolitical Analyst, Cyfirma
Introduction
Last month, North Korean leader Kim Jong Un took a rare trip beyond his country’s borders – in fact his first since 2020 – via a heavily armored train to Russia, where he met with Russian president Vladimir Putin. The visit stoked fears that there could be increased weapons and technology transfers between the two nations hostile to the West and its partners in Asia, that North Korea could provide Russia with badly needed munitions for its war in Ukraine while Russia could share sensitive nuclear or missile technologies and cyber knowhow with the hermit kingdom. By the same time, the North Korean military unveiled a nuclear-capable submarine and North Korean state media said the country aims to equip all its existing medium-sized diesel submarines with nuclear attack capability and develop nuclear-powered submarines in the future. Pyongyang is working to develop a robust nuclear triad: land-launched stationary and mobile missiles, submarine-launched missiles, and aircraft-launched missiles, although this last vector remains relatively underdeveloped. This is where the news comes full circle, as such development would be very difficult without external expertise. And finally, this week a study on digital threats from East Asia revealed that North Korean cyber operations have increased in sophistication over the past year and stated that Pyongyang’s threat actors seem particularly interested in stealing information related to maritime technology research. After years of mistrust, both Russia and North Korea seem to have something that the other wants and needs. But let us start with a very brief recap.
Relationship with a history
Until the Russian invasion of Ukraine, relations between North Korea and Russia were characterized by a utilitarian and transactional nature peppered with occasional diplomatic misunderstandings, despite the legacy of close relations that existed between North Korea and the Soviet Union since Russia is the major successor state to USSR and North Korea has been founded based on Soviet backing and conceived directly in Soviet Union between the Soviet leadership and then the country’s future first paramount leader Kim Il Sung.
In 2015, Vladimir Putin invited the third generation Kim-dynasty North Korean leader Kim Jong-un to Russia on the occasion of celebrations of the seventieth anniversary of the end of World War II, but Kim was not ready for such a meeting at the time, given his ongoing consolidation of power at home. Russia also supported UN Security Council sanctions against North Korea until 2017 and failed to make progress in identifying mutually beneficial areas of economic cooperation. The 2019 summit between Kim and Putin, held months after the failure of the Hanoi summit between Kim and former US President Donald Trump, resulted in Putin’s solo media briefing on the meeting, reflecting the inability of both sides to find compatibility in the interests of the two countries.
The Russian invasion of Ukraine in 2022 provided the basis for a convergence of the political needs and material interests of the two countries. North Korea has provided political support to Russia by recognizing the independence of puppet governments in separatist provinces in Ukraine in exchange for Russia blocking further sanctions in the Security Council for launching long-range missiles in violation of Security Council resolutions. The respective autocratic leaders of Russia and North Korea have pledged to increase bilateral economic and security cooperation and North Korean state propaganda outlets published a commitment to push back against “common enemy”, referring to the United States and their security partners in Asia. The Russian state-controlled media issued statements on increasing security ties as a part of Russian strategic posturing in the region as the bulk of the Russian military is tied up in its war on Ukraine, where Russian progress has grinded down to a halt since the summer of 2022.
North Korea and the impact on the war in Ukraine
North Korea possesses substantial weapons stockpiles and also represents a possible base for the production of certain types of legacy Soviet design weapons Russia could use, particularly Soviet-caliber artillery ammunition, although within the constraints of the low efficiency and quality of North Korean factories and the lack of raw materials. Thus, North Korea will most likely send Russia mainly stockpiles of old artillery shells, anti-tank missiles and rockets for unguided salvo rocket launchers. All of these munitions, while effective and lethal, lack modern guidance systems and levels of technological sophistication. However, as Stalin aptly noted, quantity has a quality of its own, and Russian military doctrine has historically been based on this principle. The Russian military is doctrinally and structurally oriented toward the decisive use of overwhelming ground firepower, not firepower delivered to a target by airpower, as is the case in the United States or Japan. The Ukrainian army is still also largely based on legacy Soviet tactics, and thus sufficient stockpiles of artillery ammunition is one of the most important factors on both sides of the conflict on which the outcome of the war stands and falls, which is why North Korean artillery shells are very important to Russia.
Kim Jong-un’s tours of factories of the military-industrial complex after a recent pompous visit by the Russian defense minister could signal North Korea’s desire to become a manufacturing base for supplying more weapons to Russia. However, this assistance will not be free, and the North Koreans will in return demand Russian support for the acquisition and development of advanced missile and satellite technology, the aforementioned nuclear submarine technology, as well as food aid, cheap oil and know-how transfers, including in the cyber domain. However, it is not yet certain whether the two sides will be able to provide each other with the level and type of military support that will match the expectations.
New dynamics in the region?
The refurbished military relations between North Korea and Russia will resume two-way shipments of military equipment and dual-use goods, including technology long desired by the North Korean military but denied to it for decades by both China and Russia due to compliance with international sanctions. These include modernization for aircraft, sophisticated missile technology, submarine technology and other advanced weapons systems.
In addition, North Korea signaled the geopolitical importance of closer relations between China, North Korea and Russia by hosting both Russian Defence Minister Sergei Shoigu and Chinese Communist Party Central Committee member Li Chung-chong in late July on the 70th anniversary of the signing of the Korean Armistice, which North Korea internally commemorates as ‘Victory Day’. Also mentioned was the possibility of North Korea joining regular Sino-Russian military exercises, which would mark another step forward for this newly fortified coalition.
This ‘coalition’ of China, North Korea and Russia is still a far cry from the alliance cohesion and deep coordination that the United States, Japan and South Korea pursue on bilateral basis, and which, in accordance with the diplomatic breakthroughs this summer, all three states intend to expand significantly in the face of regional threats (more on this topic in this Cyfirma research article). The emergence of these coalitions, with conflicting interests and visions for the direction of the region, in turn exacerbates tensions in Northeast Asia. Closer relations between North Korea and Russia partly mitigate North Korea’s political isolation, strengthen Kim Jong-un’s domestic political legitimacy and give North Korea the courage to continue developing missiles and satellites or launching cyber-attacks with impunity.
Dictators’ priorities
The summit between the two autocratic leaders presented a clear signal of a new level of strategic cooperation based on perceptions of interrelated strategic interests and similar perceptions of security threats. In his seminal work Cold War, leading American historian John Lewis Gaddis put Stalin’s Cold War priorities in this way:
Stalin’s postwar goals were security for himself, his regime, his country, and his ideology, in precisely that order. He sought to make sure that no internal challenges could ever again endanger his personal rule, and that no external threats would ever again place his country at risk.
This can also be said of the Putin and Kim Jong-un duo, who are now finding common ground in the new Cold War as the current state of international relations is often characterized. So, while both autocratic leaders aimed to project solidarity against a global order dominated by the West in their statements, their strategic convergence actually stems from a more transactional logic spurred on by difficult circumstances for both leaders.
The Cyber Angle: Potential for Russia-DPRK cooperation in cyberspace
Russia’s immediate interest in cultivating its relationship with North Korea is the prospect of Pyongyang supplying Russia’s army with artillery ammunition, as expenditures have far exceeded Russian production capacity. There are, however, other potential areas of cooperation, notably in cyberspace.
Prior to 2017, virtually all of North Korean internet traffic had passed through China and specifically through a single meta-network based in Shenyang, the largest Chinese city close to North Korean borders, where there strong North Korean cyber community is based due to insufficient infrastructure in the home country. However as of 2017, North Korea is also linked to Russia, presumably via cable running through the Friendship Bridge over the Tumen River that connects Khasan in Russia with Tumangang in North Korea and constitutes the only connection between the two countries. However, that is not the only instance of technological facilitation in the relationship. Given the general low level of technical expertise, general backwardness and very low internet connectivity in North Korea, the North Korean attacks are widespread and increasingly sophisticated, which leaves the experts to believe China and lately especially Russia were technical facilitators for Pyongyang, which would constitute a historical precedent for Russian state hackers sharing their know-how with their North Korean counterparts.
Potential cooperation between Russia and North Korea in cyberspace wouldn’t necessarily require much coordination. Most of North Korea’s offensive cyber operations are already directed against countries whose relations with Russia are at least cool, if not downright adversarial. In 2023 alone, North Korean APTs have compromised defense companies
in the Czech Republic, Finland, Italy, Norway and Poland – all countries with an adversarial stance to Russian aggression in Europe. At the same time, as outlined above, the relations between the two countries still remain largely transactional and the Russian government and defense industries remain targets for North Korean APTs as well. This spring alone, DPRK’s threat actor Ruby Sleet compromised an aerospace research institute in Russia, while another APT compromised a device belonging to a university in Russia with yet another group sent phishing emails to accounts belonging to Russian diplomatic government entities, only to be followed by targeting of a Russian defense industrial base organization specializing in missiles and military spacecraft by two important North Korean hacking groups ScarCruft and the notorious Lazarus.
That being said, the Russian regime is under such pressure that it is likely to overlook such intrusions in pursuit of much higher and indeed existential priorities for itself. Russia may even use North Korean APTs as proxies in the future, since DPRK is already sanctioned almost to the maximum and in case of eventual diplomatic fallout has thus very little to lose. Thus, the digital flank of the Russia–Ukraine conflict which Russia tries to promote as a new-world-order-type-of-conflict between the West and loose anti-western coalition spearheaded by Russia and China and the ongoing tensions on the Korean peninsula are in risk of being greatly enhanced by closer collaboration between Russian and North Korea, that would bring a country with precious very little to lose to engage the West in the fifth domain.
Conclusion
Both North Korea and Russia are highly cyber-capable nations with a very high degree of willingness to use cyber as a tool of statecraft. Hackers of both countries can disrupt or break key infrastructure and steal sensitive information. Russia’s efforts in online fraud, disinformation and disruption to core infrastructure has become a significant threat to Western societies. North Korean cyber operations are also increasingly sophisticated. North Korean state hackers both collect intelligence and generate revenue for the state. The cyber espionage efforts are focused on the state’s perceived adversaries: mainly South Korea, the United States, and Japan; collecting intelligence on other countries’ military capabilities and stealing technologies that could be used by North Korean military – these efforts also include Russia and China as potential technology sources; and increasingly on stealing funds in the form of cryptocurrency that the state later uses to fund its UN sanctioned missile and nuclear programmes. The distinct North Korean threat actors have repeatedly shown overlaps in targeting in the recent past and their efforts have been increasingly sophisticated.
An agreement to supply artillery shells is the most significant result of the Russia–North Korea cooperation but it is not the only one aspect of this deal, which paves the way for more dangerous technology and know-how transfers and it connects war in Europe more directly with tensions in Asia. Both Russia and DPRK have been showing contempt for international rules in recent years and have actively and unscrupulously used cyber to promote their agenda. North Korea is to remain focused on targets related to its political, economic, and defense interests in the region but the announced heightened security cooperation between the two regimes should be treated as portending increased risk in cyberspace, especially for USA, South Korea, Japan and European NATO countries.
About the Author
Resident International Relations Analyst at Cyfirma, working for technology companies in Southeast Asia and the US since graduation from International Security Studies at Charles University in Prague in 2019. He focuses on international relations and security issues, especially on those revolving around West-East axis Stan can be reached online at ([email protected], https://twitter.com/FogOfWarCZ, etc..) and at our company website https://www.cyfirma.com