Cyberattacks are also a way for the country to inflict damage with little risk of a military response. They are inexpensive and hard to trace, and they can be profitable.
Until last year, nation states rarely used cyberattacks for financial gain. China has been tied to attacks aimed at stealing trade secrets. A handful of countries, including Russia, the United States, Iran and North Korea, have also used cyberweapons.
North Korea has been tied to gunrunning, jewel smuggling, illegal gambling and counterfeiting to pay for its military and the lifestyle of the government, but as foreign nations have clamped down on those activities Pyongyang has turned to cyberattacks for badly needed funds.
“North Korea was always a state criminal, sheltered behind sovereignty, and now they’ve moved this into cyberspace,” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington.
Over the past year, the same North Korean hacking unit that hit Sony Pictures was linked to cyberattacks at banks in Vietnam and the Philippines, and to a breach at the Bangladesh Central Bank that resulted in the theft of $81 million. Last year, the same North Korean hackers breached more than 20 Polish banks.
And while it is still too early to point the finger definitively at Pyongyang, clues in the attack code and attackers’ machines suggest that the ransom attacks were the work of the same group of North Korean hackers, or of someone masquerading as them.
Though the North Korean hacking group that security experts call the Lazarus Group has been known to use different infection methods, the group’s telltale code, techniques and tools were seen in the ransomware attacks.
So far, the ransomware attacks, called WannaCry, have not proved very profitable. According to the latest tally of payments made to attackers’ Bitcoin wallets, victims have paid only $75,000 in ransom.
North Korea has in the past timed cyberattacks to coincide with its banned weapons tests — like the ballistic missile launched on Sunday — as a way of subtly flaunting its technology advances despite its global isolation.
Unlike its missile and nuclear weapons tests, however, North Korea has never announced or acknowledged its hacking abilities.
It also is possible that North Korea had no role in the attacks, which exploited a stolen hacking tool developed by the National Security Agency of the United States. Early Tuesday, the Shadow Brokers, the hacking group that spread the tool and is not believed to be linked with North Korea, threatened in an online post to start a “Data Dump of the Month” club, in which it would release more N.S.A. hacking methods to paying subscribers.
Security officials in South Korea, the United States and elsewhere say it is well known that the North Korean authorities have long trained squads of hackers and programmers, and that when superiors in North Korea issue instructions, these hackers are activated to attack targets.
Boo Hyeong-wook, a research fellow at the Korea Institute for Defense Analyses, said the scale of the recent attacks was large enough that it was likely to have been supported on a national level. He also said it would be a logical extension of the growing boldness of North Korean hackers.
While North Korean hackers have for years operated out of China, defectors and South Korean officials say they have been spreading to Southeast Asian countries, where government monitoring is less intense.
In countries like Malaysia, many North Korea hackers are believed to work undercover at technology companies and other jobs. Sometimes, the hackers will also run online gambling sites or even make use of ransomware to raise funds for themselves.
North Korea began training electronic warfare soldiers well before the internet era, according to defectors and South Korean officials. They selected math prodigies when they were 12 or 13 and trained them to become software developers, online psychological warfare experts and hackers.
They were also trained in foreign languages so they could operate abroad. North Korea sends students to study in Russia, China and, more recently, India to learn software and programming techniques. They return home and some are hired as hackers.
If the North Korean hackers were responsible for the disruptions suffered by Chinese computer users, that would constitute an extraordinary assault on North Korea’s most important neighbor.
Mr. Boo said the changing dynamics in the relationship between China and North Korea, which once described themselves as close as “lips and teeth,” could be why China was attacked.
“China has dialed up the pressure on North Korea,” he said. “Pyongyang faces the increased possibility that Beijing could abandon it. It made a loud statement.”
The New York Times