North Koreans Dive Into the Darker Waters of the Internet

Last updated February 11, 2020
Written by:
Bill Toulas
Infosec Writer

The use of the internet in North Korea is climbing quickly, as the citizens of the country realize that there’s an abundance of opportunities to make ends meet there. Unfortunately, we’re not talking about freelancing or remote office work, but about stealing cryptocurrencies, bank accounts, and credit cards, spreading ransomware, and anything else nasty you can think of. This is the situation right now according to a research report compiled by Insikt Group, and it’s very similar to what an IntSights study reported about the cybercrime rates in Venezuela.

Both countries are going through rough periods, with the governments failing to provide for the people’s needs, the economy under pressure from foreign entities, and the control over what goes on online being particularly lax. According to Insikt, since 2017, there has been an increase of 300% in the online activity of North Koreans, which is also evidenced by the use of previously unresolved IP space, the setting up of new mail and FTP servers, as well as the commissioning of new DNS name servers. Interestingly, the peak usage days and hours are no longer at the weekends, but on the mornings of weekdays.

The report also mentions a spike in the use of VPN (Virtual Private Network) tools, which internet users deploy in order to circumvent internet blockages and control measures that are imposed by the government, as well as to hide from their online victims. Finally, there is a ten-fold increase in Monero mining originating from North Korean IP addresses. Monero is preferred for its privacy-protection features, its low hardware requirements, and the fact that all transactions with it are untraceable. This also supports the theory that the Kim regime actually backs these operations to help generate revenue for international insurance frauds.

North Korea has to deal with a number of sanctions right now, so it is clear that Kim Jong Un would like to use the internet as a means of circumvention. No matter how much financial, military, and political isolation the world’s leaders want to impose on North Korea, the internet will always be a channel for them that can’t be plugged. State-supported actors from the northern side of the peninsula have been bashing international targets for many years now, causing trouble for both governmental entities and casual users.


