North Korea’s Cyber-offensive: Implications for India

By Divyanshu Jindal

The anatomy of global conflicts is rapidly changing. With the focus of both state and non-state actors shifting towards exploiting the cyber domain for inflicting damage on their adversaries, cyber security has emerged as a key domain for geopolitical considerations. 

In the last few years, India has witnessed an exponential increase in cyber-attacks. India’s cyber susceptibilities have also been highlighted in several rankings and reports. In a volatile regional geopolitical dynamic (with both Pakistan and China able to collude with North Korea), India stands at risk of an impending proxy cyberwar. However, the question arises whether New Delhi can feel Pyongyang’s pulse and diplomatically engage with the Kim regime to convey the importance of positive India-North Korea relations.

Why North Korea stands apart 

There have been major cyber-attacks in the past few years by groups associated with the North Korean regime. The 2017 WannaCry attack (the largest ransomware attack in history), the 2018 South Korean Ministry of Defence breach to steal arms procurement and next-gen fighter aircraft plans, and the 2019 breach of India’s Kudankulam nuclear power plant to steal proprietary information on thorium-based reactors are some of the incidents that made headlines.

As it seeks funds while reeling under heavy sanctions imposed by the United Nations (UN), the Kim regime has looked towards cyber-crimes and China’s support to run the country. With fault lines emerging between the West (the United States and Europe) and the eastern partners (China and Russia) over dominance in every sphere, the possibility of North Korea becoming China’s ‘Cyber Arm’ raises concerns, especially for nations with weaker cyber defence capacities.  

In the recent past, North Korean hacking groups have targeted institutions like the Korea Atomic Energy Research Institute and several South Korean think tanks and security-related institutions; British drug maker AstraZeneca and various other health bodies, drugmakers, and vaccine scientists working on the COVID-19 vaccines; the Central Bank of Bangladesh in 2016 (theft of $81 million); and Sony Pictures in 2014. The groups used phishing emails as a common strategy, targeting experts to gain classified or proprietary information. The targets were contacted through fake job offers or by mimicking family and friends to install data-gathering malware on the target systems, thus exploiting a lack of cyber security standards and awareness. Over the years, the North Korean cyber groups have steadily improved their sophistication and have been able to exploit operating system vulnerabilities and use decentralised routes like cryptocurrencies for ransoms. North Korea’s growing aggressiveness in this sphere is a cause for concern, given the inability of diplomatic pressure and sanctions to force the North to scale back the cyber warfare being inflicted from its side. The ‘Naming and Shaming’ approach – the practice of publicly singling out a person, company, government etc. for doing an illegal act, in order to cause public embarrassment – has also been ineffective in light of the North’s open defiance of the global order.

The North’s cyber prowess is often observed with astonishment, considering the degree of self-isolation the ruling regime has imposed on the nation, as well as the years of sanctions restricting the country’s technical advancement on a wider level. In the last one and a half decades, the North has been cut off from the global financial system and almost all sources of foreign investment. The North Korean leader equates the importance of cyber capabilities to that of nuclear power. He is said to have stated that “Cyberwarfare is an all-purpose sword that guarantees the North Korean People’s Armed Forces ruthless striking capability, along with nuclear weapons and missiles”. This signifies the regime’s focus on achieving superior cyber offensive skills as a means to defend against its rivals. North Korea’s case differs from that of other nations like China or Russia, which are often alleged to be backing cyber criminals but cannot be explicitly linked with them.

Although many attacks might be state sponsored, these criminal groups also exercise a considerable degree of freedom in their conduct. This is seen as an explanation (or an excuse) for Chinese-origin cyber-attacks on Russia and vice versa, as well as Russian-origin cyber-attacks on India. Generally, cyber-attacks provide a large degree of deniability to the states backing them, in the absence of proof establishing a direct link.

However, as access to the internet remains limited to the North’s elites, comprising about 0.1 percent of the population, and an extremely severe form of monitoring and restriction is imposed inside the country, the cyberattacks originating from the groups associated with the North Korean regime are deemed to be directly state sponsored. Severe restrictions on foreign travel and stay for North Korean citizens also make it improbable for North Korean groups to conduct operations without the leadership’s knowledge. This makes the Kim regime a hostile state actor in the cyber domain.

Concerns for India: Diminishing ties and the rising China-North Korea Axis

India-North Korea relations are generally characterized by friendship, cooperation and understanding. India participates in the biennial Pyongyang International Film Festival, welcomes North Korean students in Indian academic institutions under the Indian Technical and Economic Cooperation (ITEC) programme, and extends humanitarian assistance consisting of food, medicine, and essential goods like blankets and polythene sheets on a regular basis. It is argued that India-North Korea ties are a legacy of India’s non-aligned status during the Cold War, uplifted post-Cold War by India’s welcoming stance towards engagement with the North, even when the western consensus deemed the North’s regime problematic.

Despite desires for deeper contacts, India-North Korea relations have remained limited against the backdrop of international sanctions on North Korea. This extends to both the economic and political spheres. While Indian public and private entities remain averse to making investments in North Korea, India’s ‘dialogue diplomacy’ to promote the establishment of peace and stability on the Korean peninsula has not led to substantive results. In comparison, China’s heft in North Korea’s strategic considerations has grown exponentially.

Beijing stands among Pyongyang’s major allies in the global arena. It supports North Korea’s defence through a 1961 alliance treaty, and North Korea depends heavily on Chinese fuel and food imports. Although Beijing has criticized Pyongyang’s missile tests on several occasions, it enjoys the strategic costs that Pyongyang’s rogue stance imposes on the West. The US maintains a force of around 28,500 soldiers in South Korea to deter any aggression by the North, along with constant monitoring of its activities.

The North also creates a mediating role for Beijing in regional tensions with Japan and South Korea. It is now widely accepted that Beijing’s role will be paramount in Korean de-nuclearization – if at all. Given how China seeks to shape its global image in the post-pandemic world, Pyongyang can be Beijing’s trump card in cyber space. Without being accused of leading any cyber offensive against the West, China can utilize North Korean cyber capabilities to attain its objectives.

A report by a US-based think-tank highlighted that in 2020 the North Korean hacking groups targeted at least six pharmaceutical companies that were working on COVID-19 treatments. It remained unclear whether North Korea was attempting to create its own vaccine or vying to sell the stolen information to some foreign company or government. Considering the lack of infrastructural resources in North Korea to develop its own vaccines and China’s failures to come up with an efficient vaccine, it is not hard to imagine that China would have been the main beneficiary of anything gained through these cyberattacks. This remains true for any stolen information from the US, India, Israel, Japan, South Korea, or even Russia, which can accelerate Chinese projects to attain technical superiority.

The Chinese government pursues official academic partnerships with military-affiliated North Korean universities. According to a US Army report, North Korea commands an estimated 6,000 cyber agents scattered across the globe. These agents gain the relevant skills while studying at Chinese universities, thus getting access to advanced technology and equipment. There also exists Chinese infrastructural support to the North’s hacking groups, an example of which came to light during the 2016 cyber heist on Bangladesh’s central bank. The investigators observed that most of the stolen money ended up in Macau, before being sent to North Korea.

Attacks on India’s critical infrastructure by North Korean hackers – like the Indian Space Research Organisation (ISRO) attack, and the previously highlighted Kudankulam nuclear power plant attack – would immensely help Beijing in the evolving geopolitical competition against India.

What are India’s options? 

According to a global survey by the cybersecurity firm Sophos, India tops the list of the top 30 countries vulnerable to ransomware attacks, primarily due to a lack of proper cyber security mechanisms and the highly prevalent use of pirated technology. Another report on cyber readiness highlights India among the countries with the lowest adoption rates for multi-factor authentication.

While low cybersecurity awareness at ground levels remains a weak spot in India’s cyber defences, there exists a vacuum in India’s cybersecurity approach which can be filled through multilateral cyber intelligence arrangements. 

India remains a non-signatory to the Budapest Convention, which stands as the sole binding treaty on cybercrime. The convention aims at harmonizing national laws, improving investigative techniques, and increasing cooperation among nations. India has expressed concerns regarding cross-border data access provisions, which impinge on national sovereignty. Instead, India has focused on cyber cooperation on a mostly bilateral basis.

Since the onset of the COVID-19 pandemic, the world has witnessed a developing bifurcation in global geopolitics. The current Joe Biden administration is at odds with both Russia and China at the same time. Experts believe that a collusion between China and Russia could lead to a two-pronged attack on Ukraine and Taiwan, to overwhelm the West’s defensive capacities. 

There is also a growing concern over the rising Chinese dominance in the Indo-Pacific region, which has shifted global focus towards this region. This can be seen in the recent institutionalization of the QUAD (India, Japan, Australia, US) mechanism and the formation of the AUKUS (Australia-United Kingdom-United States) pact. India is expected to act as a fulcrum for countering Chinese hegemony in the region in most western plans. 

This creates an opportunity for India to look at mechanisms like the Five/Nine/Fourteen Eyes arrangements, which focus on intelligence gathering, counterintelligence operations, and law enforcement in the cyber domain. This will require India to make a significant decision on its cybersecurity strategy for the coming years.


Hopes for better India-North Korea relations have taken a beating in the last few years. While in 2015 India refused a US suggestion to diminish its diplomatic presence in Pyongyang – pointing to the need for embassies of some of the US’ friendly countries to remain in Pyongyang to continue channels of communication – India has not been able to move closer to the Kim regime. The growing global animosity towards North Korea’s nuclear activities has also led to diminished interactions between New Delhi and Pyongyang. Meanwhile, India’s ties have strengthened with the North’s major adversaries: the US, Japan, and South Korea.

Considering the shifting tides in global and regional geopolitics, it might be time for India to consider the developing Xi-Kim nexus and shape India’s cyber diplomacy accordingly. There remains an urgent need for India to develop its cyber defence, improve cyber awareness at the ground level, and engage in multilateral avenues to deter cybercrimes.

Divyanshu Jindal is a Doctoral Student at OP Jindal Global University, India and a Research Intern at Manohar Parrikar Institute for Defence Studies and Analyses, New Delhi, India. He is a postgraduate in International Relations with a specialization in economics and foreign policy. He has worked at Fidelity Investments as an Associate Systems Engineer after completing a B. Tech in Computer Science from SRM University, India. His writings have appeared at The Lowy Institute, BRICS Information Portal, The Quint, 9Dashline, Eurasian Review, Modern Diplomacy, and The Geopolitics, among other online platforms. His areas of interest include India-Russia relations, India’s foreign policy, cyber diplomacy, and cyber politics.

2 Replies to “North Korea’s Cyber-offensive: Implications for India”

  • Abhishek

    A very comprehensive piece on the issue…

  • chia kurs euro

    Reading your article helped me a lot and I agree with you. But I still have some doubts, can you clarify for me? I’ll keep an eye out for your answers.
