Virtual Event Today: Supply Chain Security Summit - Register Now

Security Experts:

Connect with us

Hi, what are you looking for?



China a Likely Factor in North Korea Cyber Prowess: Experts

BEIJING – North Korea may be facing explosive hacking accusations, but analysts are questioning how an isolated, impoverished country with limited Internet access could wage cyber sabotage — and many experts believe China plays a role.

BEIJING – North Korea may be facing explosive hacking accusations, but analysts are questioning how an isolated, impoverished country with limited Internet access could wage cyber sabotage — and many experts believe China plays a role.

The US has accused Pyongyang of hacking Sony Pictures, which was intimidated into initially cancelling the comedy film “The Interview” that mocks North Korean leader Kim Jong-Un, before deciding to release it online and in selected US cinemas on Christmas Day.

While much of the focus has been on the so-called cyber warfare between Washington and Pyongyang — especially after North Korea’s Internet temporarily went down — many analysts speculate China is a necessary partner in facilitating any attack by the North.

“North Korea’s cyber capacity relies on Chinese support in terms of both hardware and software,” Willy Lam, a politics expert at the Chinese University of Hong Kong, told AFP.

“Through this support the Chinese can maintain a certain level of control, he added.

China and North Korea Flags“They want to maintain that position, so they won’t pull their support because of the hacking scandal.”

Experts say telecommunications giant China Unicom provides and maintains all Internet links with the North, and some estimate that thousands of North Korean hackers operate on Chinese soil.

Pyongyang angrily insisted that it had nothing to do with the theft and leaking of Sony company secrets or threats against moviegoers, and was silent on why its Internet went down for hours this week.

Attention has also turned to China after many doubted North Korea has the ability to mount such an attack from its territory, given its limited cyber infrastructure.

“The capacity of the Internet connection in North Korea is very poor, given the number of IP addresses in the country,” Masahiko Iimura, spokesman of Tokyo-based cyber security service company LAC, told AFP.

The number of Internet protocol (IP) addresses — which correlates with the number of online devices — in North Korea is believed to be just over 1,000 compared with 1.5 billion in the United States and 200 million in Japan, he added.

Nonetheless, North Korea has an estimated 6,000 hackers, according to Lim Jong-In, a cyber expert at Korea University’s Centre for Information Security Technologies, who described it as “one of the world’s top five countries” in cyber warfare capability.

Many of the hackers operate in Chinese border cities such as Dandong under software contractors hired by Pyongyang, he added.

North Korea only has connections to four Internet networks and they all run through China, operated by China Unicom.

“I don’t have any information that can be disclosed,” an official with the state-run company told AFP when asked to comment about the Internet outage in North Korea.

Officials in South Korea are looking into the possibility that Pyongyang was behind a recent cyber attack against its nuclear power operator, with investigators saying a suspect used IP addresses based in the Chinese city of Shenyang, not far from the North Korean border.

China frustrated by Kim Jong-Un

China and the US have been embroiled in their own hacking row amid mutual accusations of cyber espionage.

FBI director James Comey accused Beijing in October of waging an aggressive cyber war that is costing American businesses billions of dollars.

China has dismissed such allegations as “fabricated out of thin air”, and was furious in May when it emerged that US prosecutors indicted five members of the Chinese military for alleged cyber espionage.

Beijing also accuses the US of hypocrisy, citing leaks by former US government contractor Edward Snowden alleging US cyber spying in China.

Given North Korea’s dependence on China to support its online infrastructure, analysts have speculated China may have been behind its Internet blackout this week, even amid rumours of US retaliation over Pyongyang’s alleged hacking of Sony.

Some have pointed to China’s increasing frustration over the erratic behaviour of Kim, who since taking over after his father’s death in 2011 has ordered missile launches, a nuclear test and the execution of his uncle Jang Song-Thaek, who was a key conduit to Beijing.

Pyongyang’s nuclear development and reluctance to pursue economic reforms have added to the strain on close ties between the communist neighbours forged during the 1950-53 Korean War.

China could send a clear signal to the North by pulling the plug on its Internet, while at the same time shoring up ties with the United States, though analysts see that as unlikely.

“It could be China, but China has other ways to show it is unhappy with North Korea,” James Lewis, senior fellow with the Center for Strategic and International Studies, told AFP, suggesting hacktivists were a more likely culprit in the North’s Internet breakdown.

Beijing has consistently avoided directly addressing whether it had any involvement in aiding alleged North Korean hacking.

China is “opposed to all forms of cyber attack and cyber terrorism”, foreign ministry spokeswoman Hua Chunying said on Tuesday.

Still, China is unlikely to abandon its troublesome neighbor.

“The Chinese leadership isn’t happy with what North Korea is doing but they maintain the relationship in order to influence an already unstable country,” said Lam of the Chinese University of Hong Kong.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


The North Korean APT tracked as TA444 is either moonlighting from its previous primary purpose, expanding its attack repertoire, or is being impersonated by...


Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona


The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...


Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...


A newly identified threat actor tracked as NewsPenguin has been targeting military organizations in Pakistan with sophisticated malware.