Part VI of the Special Series for Global Peace and Security: a collaboration between WGI.WORLD (World Geostrategic Insights) and CGPS (Center for Global Peace and Security).
By Sunny Lee – Founder and President at CGPS (Center for Global Peace and Security), and Director at IKUPD (Institute for Korea-U.S. Political Development), Washington DC
Future war will be defined by cyber warfare: as conventional wars fought with military weapons disappear, missiles will instead be fired in cyberspace. A single finger will directly control combat as a substitute for a gun or missile. Keyboards could turn into weapons on a virtual battlefield, yet the damage is real and occurs without putting soldiers at risk. Military systems are an obvious target in cyber war: preventing commanders from communicating with their troops, or from seeing where the enemy is, gives an attacker a major advantage.
International society is increasingly filled with cyber spies, hackers, and top-secret digital weapons programs that add unpredictably dangerous features to international conflicts. Over 30 countries are recorded as developing offensive cyberattack capabilities for military aims, even though their government hacking programs are shrouded in top secrecy. The many aspects of ongoing cyber warfare between major cyber powers stimulate the arms race, but the lack of legitimate rules controlling cyber conflicts often comes up as a serious risk.
As the foremost adversaries of the U.S., Russia and China have been developing capabilities in hypersonic, space, nuclear, and cyber weapons with highly advanced military techniques. In particular, the dreadful threat that cyberattacks pose to the international security environment shakes the traditional concepts of warfare to the core. The world will frequently be entangled in hacking and military espionage in cyberspace, which are not easy to investigate or punish. Hackers use computer code to attack an enemy’s infrastructure from a great distance, and it is extremely hard to trace an attack back to its perpetrators with any certain clue or evidence.
The worst cyberattack happened in 2012, when North Korea hacked the main websites of the U.S. Government and spread viruses to disable them. In addition, the NYSE, NASDAQ, and the Washington Post froze temporarily, amid shock and perplexity that such a small country dared to attack the headquarters of Washington DC. The U.S. immediately retaliated by disabling North Korea’s nationwide internet systems. It also became a turning point that prompted the U.S. to strengthen its cyber force as an important national strategy.
Today, the cyber superpowers among the 30 cyber countries include the U.S., Russia, China, and North Korea, but North Korea ranks first in cybercriminal activities. Since Kim JungUn emphasized nuclear, missile, and cyber as the top three asymmetric powers, North Korea has focused on a more aggressive cyber strategy and exploited cyber techniques to upgrade its military force. Active and competent North Korean hackers are intensifying their cyberattack strategies by leveraging artificial intelligence (AI), posing formidable challenges to global cyber defense mechanisms. North Korea is, surprisingly, driving a potential escalation of threats to international cyber security and covertly financing nuclear weapons programs with black money made in cyberspace.
Cyberattacks and Potential Aspects
Cyberattacks fall into five types, each with critical aspects that have been skillfully developed and reinforced over time. Whenever they are exploited for military purposes, the outcome is virulent damage to the security environment through cyber warfare.
If a hacker sneaks into an enemy’s missile defense system and spreads a virus, the system will be completely disabled. In addition, if he issues a false order to fire missiles at the enemy country itself, that country will be totally defeated, in effect committing suicide. At that moment, a single hacker is enough to win the combat without military weapons or personnel.
The first is espionage: monitoring other countries to steal top secrets or military data, with hackers infiltrating computer systems or networks. It involves using botnets or phishing attacks to compromise sensitive computer systems before exfiltrating sensitive information. For example, CrowdStrike has shown that the Russian cybercrime group Fancy Bear targeted Ukrainian rocket forces and artillery between 2014 and 2016. The malware was spread via an infected Android application that the D-30 Howitzer artillery unit used to manage targeting data. Because Ukrainian officers widely used the app, which contained the X-Agent spyware, this highly successful attack resulted in the destruction of over 80% of D-30 Howitzers.
The second is sabotage. Hostile governments or terrorists steal valuable information, destroy it, or leverage insider threats against the country under attack. Sabotage also disrupts or damages adversary government systems through hacking or the spread of viruses. Stuxnet is a powerful computer worm, designed by the U.S. and Israel, that attacked the Iranian nuclear facility in 2010 to destroy the centrifuges used to enrich uranium. It was the most sophisticated cyberattack in history, and a very successful one as well. The malware spread to the targeted supervisory control and data acquisition systems via infected Universal Serial Bus devices. The attack seriously damaged Iran’s ability to manufacture nuclear weapons and would curb further nuclear programs.
The third is the Denial-of-Service (DoS) attack, which prevents legitimate users from accessing a website by flooding it with fake requests. It disrupts critical operations and blocks access to sensitive websites, especially for military or security personnel.
In 2007, Estonia relocated a heroic statue, the Bronze Soldier associated with the Soviet Union, from the center of its capital Tallinn to a military cemetery near the city. Russia strongly warned that it would impose sanctions on Estonia for blasphemy against the Soviet heroes of World War II, and Estonia suffered several significant cyberattacks from Russian hackers in the following months. Estonian government websites, media outlets, and banks were overloaded with heavy traffic by massive denial-of-service (DoS) attacks and were consequently taken offline.
The fourth is the attack on the electrical power grid, in which attackers disable critical systems or disrupt core infrastructure, resulting in bodily harm. It also disrupts online communications by spreading viruses, neutering public services, or stealing important information.
North Korean hackers conducted a cyberattack on Sony Pictures Entertainment in 2014 to prevent the release of “The Interview” because of its negative portrayal of Kim JungUn. They destroyed company systems and also stole large quantities of personal and commercial data. North Korea’s cyber unit used aggressive “data-wiping” malware to steal Sony’s corporate secrets and immediately erased the company’s computer files to conceal its own identity.
However, the FBI found similarities with previous malware attacks conducted by North Korean hackers in the computer code, encryption algorithms, and data deletion mechanisms used. The FBI finally accused the North Korean government of being behind this devastating hack. North Korea’s hacking capability has been ranked within the top five among cyber powers, threatening even Israel, which ranks first in cyber security.
The fifth is economic disruption. Attackers usually hack computer networks such as stock markets, payment systems, or bank accounts to steal money or transfer it to other accounts. They also block people from accessing the funds they hold and withdraw them by fraud.
North Korea’s WannaCry ransomware attack infected networks in 150 countries and caused as much as $4 billion in losses over a few years. North Korea’s hackers lightly tap keyboards rather than fire guns, stealing digital wallets of cryptocurrency instead of directly robbing sacks of cash. They are the world’s foremost nation-state bank robbers of the 21st century.
Russia, China, and North Korea’s Cyberattacks
Actual cyber warfare has been conducted in the Ukraine War, the largest cyber conflict to date and the first to incorporate significant levels of offensive cyber operations on all military sides right after the invasion. At the beginning of the war, Russia launched the world’s largest-ever salvo of destructive cyberattacks against dozens of Ukrainian social networks. Simultaneously, Russia disrupted the Viasat satellite communications network just before tanks rolled across the border, possibly hindering the initial defense of Kyiv.
Russian hackers have collected military data to assist Russia’s prewar planning, kinetic targeting, occupation activities, influence operations, and future negotiations with Kyiv. However, Ukraine has shown formidable defensive strength and incredible resilience on the battlefield and in cyberspace. Kyiv’s ability to thwart Russia’s cyberattacks would be reinforced by cyber support from the world’s competent technology companies and governments.
In addition, Russia’s grumpy cyber strategy has revealed how its outcome was overdetermined by critical factors: inadequate cyber capacity and weaknesses in non-cyber institutions. Conversely, it has even strengthened the exceptional defensive efforts of Ukraine and its partners. Although Russian hackers have had plenty of time to pursue Putin’s war goal, they have already lost the necessary pace of cyberattacks, so Russian forces must work hard to destroy Ukraine’s infrastructure and immiserate the populace with conventional weapons.
In its 2023 global threat assessment, the U.S. described China as posing the broadest, most active, and most persistent cyber espionage threat to U.S. Government and private-sector networks. Chinese hackers use commercial chain attacks to reach victims indirectly, and have exploited an IT system’s legitimate software and tools to engage in malicious activities.
Since Chinese leader Xi Jinping announced cyber power as a key element of national power, he has emphasized his goal of making China “a cyber superpower.” In line with his strategy, the Chinese Communist Party has progressively organized military, intelligence, and civilian resources to bolster China’s cyber capability. It strives to become a global cyber leader in quantum computing and communications, artificial intelligence (AI), and next-generation wireless technology such as 7G and further 8G by 2030. China would conduct cyber theft to speed its technological development in other areas such as aerospace and semiconductors, and it aggressively steals other countries’ intellectual property in artificial intelligence.
Chinese military hackers are ramping up their cyber capability to disrupt core U.S. infrastructure, including industry and security systems. Hackers affiliated with China’s PLA have burrowed into the computer systems of 24 critical entities. The intrusions offer multiple ways to sow chaos or snarl logistics in the event of a severe U.S.-China conflict. Xi Jinping also warned that if the U.S. impedes China’s invasion of Taiwan, China will hobble critical U.S. systems through cyberattacks on key military installations or civilian services.
Anne Neuberger, U.S. Deputy National Security Advisor for Cyber and Emerging Technologies, announced that North Korea funds 50% of its missile development spending through incessant cyberattacks, including hacks of cryptocurrency infrastructure and in-game currency. Since 2018, North Korean hackers have stolen $1 billion annually, half of the total expense of developing ballistic missiles and nuclear weapons. For example, North Korea spent $650 million to fire 31 ballistic missiles in the first half of 2023, but that cost was easily covered by a single hack. The Wall Street Journal reported that North Korean hackers impudently stole $620 million from Axie Infinity players’ accounts at a Vietnamese game company.
North Korea operates around 6,800 cyber warfare personnel, the fifth largest force in the world, following the U.S., China, Russia, and Israel. The North Korean hacker squad represents one of the three major wars (nuclear weapons, missiles, and cyber warfare) as “the omnipotent sword” declared by Kim JungUn. Andariel is a specialized hacker unit, notorious as a cyber organization for its financial crimes. It has also hacked dozens of South Korean defense companies and stolen 1.2 TB of key technical data as well as nuclear techniques. Kimsuky, Lazarus, and BlueNoroff are also ranked as world-class hacker units.
The U.S. National Intelligence Service (NIS) confirmed that North Korean hackers are carrying out fierce cyberattacks to paralyze administrative systems and are intensifying hacking attacks through system destruction and access. In 2020-2023 they attacked the defense sectors of at least 25 countries and successfully stole military techniques, especially by targeting defense companies in Russia. It is clearly evident that the tanks and surface-to-air missiles developed by North Korea are very similar to those of Russia because the stolen blueprints were used. North Korea’s cyberattack attempts on the defense industry break down as the aviation sector 25%, tanks 17%, satellites 16%, and ships 11%.
The U.S. Cyber Security Strategy
The U.S. NIS lists Russia, China, Iran, and North Korea as the major cyber-threat countries that must be defeated or controlled. Russia has highly advanced offensive cyber programs for conducting disruptive cyberattacks on critical infrastructure networks for military purposes, even though it has not been very successful in the Ukraine War.
China is also narrowing the gap with the U.S. in cyber warfare capabilities, and it has attempted to probe U.S. networks for data useful in any future crisis. PLA cyber forces have built an operational picture of U.S. defense networks, military disposition, logistics, and related military capabilities that can be exploited before or during a military or security crisis.
Nonetheless, the U.S. still ranks first, with the most significant cyber capabilities both defensively and offensively. This capability comes from U.S. Cyber Command, which has a dual mission: to protect U.S. Department of Defense networks and to conduct a full spectrum of military operations. It enables actions in all domains and ensures U.S. freedom of action in cyberspace as well.
The Cyber National Mission Force teams in Cyber Command, which has the status of a Unified Combatant Command, defend the U.S. by monitoring adversary activities, blocking attacks, and maneuvering to defeat them. They conduct cyber operations to support military commanders, while the Cyber Protection Force teams defend the Department of Defense information networks. In addition, the CIA and NSA possess cyber espionage capabilities and have been involved in producing cyber weapons such as the famous Stuxnet worm.
The U.S. has used various forms of cyber weapons against the Iranian nuclear program and the North Korean missile tests. After revelations that Russia meddled in the 2016 U.S. presidential election, Obama authorized the planting of cyber weapons, developed and designed by the NSA, in Russia’s infrastructure. They could be triggered remotely as part of a retaliatory cyber strike in the face of Russian aggression, serving as a warning of potential attacks.
North Korea’s malicious cyber activities threaten the United States as well as international society, and pose a particularly significant threat to the international financial system. Under strong pressure from U.S. and UN sanctions, North Korea has increasingly turned to illegal activities, including cybercrime, to raise funds for weapons of mass destruction and ballistic missile programs. Its pattern of harmful cyber activity, which runs against the international consensus in cyberspace, also seriously affects critical U.S. cyber strategy.
The United States investigates closely together with its cyber allies to defeat North Korea’s disruptive, destructive, or destabilizing behavior in cyberspace. For example, in December 2017, the U.S., along with Australia, Canada, New Zealand, and the UK, publicly attributed the WannaCry 2.0 ransomware attack to North Korea and denounced its harmful and irresponsible cyber activity. It is a vital example of the international community, network defenders, and the public working together to mitigate the cyber threat posed by North Korea.
Cyber Wars and Global Security
In NATO countries, state-sponsored cyberattacks targeting users increased by 300% in 2022 compared to 2020. Since then, cyberattacks launched at frantic speed have become ‘a gathering cyber storm’ that could sweep away global security. They have demonstrated how cyber wars could destroy the world more severely than conventional war, much like the actual use of nuclear weapons.
After Biden announced sharp restrictions on selling the most advanced computer chips to China, he sold them to U.S. industry to restore its competitiveness. This basically stems from a concealed strategy to control the arms race with China. If China fails to obtain the chips, it may be unable to develop military weapons driven by artificial intelligence. It also gives not only the U.S. but also the world the chance to figure out the appropriate use of artificial intelligence in sensors, cyber weapons, and even autonomous killer robots. Computers fitted with AI chips and advanced cyber techniques can lock out human society itself through cyberattacks.
The biggest cyber risks might come from individual actors, terrorists, ransomware groups, or a small country with advanced cyber skills, such as North Korea, that clones a smaller, less restricted version of ChatGPT. They are very capable of finding ways for generative AI software to speed up cyberattacks by targeting disinformation.
AI systems would therefore be the most critical technique, with the greatest potential, in upcoming cyber warfare, propelling the arms race. The best way to control cyber wars for the sake of global security is to limit the use of the special AI chips or computing power needed to advance cyber technology. Major cyber powers must set up international treaties to prevent cyberattacks and restrict the criminal use of cyber techniques. Otherwise, global society might easily be destroyed by a single finger tapping the keyboard of a computer.
Sunny Lee – Founder and President at CGPS (Center for Global Peace and Security), and Director at IKUPD (Institute for Korea-U.S. Political Development), Washington DC. Sunny Lee is the author of 115 academic books in politics (originally in English, and in German, French, Russian, Polish, Dutch, Italian, Spanish, and Portuguese). She is a bestselling writer on Amazon not only in politics but also in literature. Her recent book is titled: “The Influence on Humankind’s Peace through Korean Reunification: Creating new paradigm in social science by interdisciplinary research.”
(The opinions expressed in this article are solely those of the author and do not reflect the views of World Geostrategic Insights).