Focus Turns to North Korea Sleeper Cells as Possible Culprits in Cyberattack

They take legitimate jobs as software programmers in the neighbors of their home country, North Korea. When the instructions from Pyongyang come for a hacking assault, they are believed to split into groups of three or six, moving around to avoid detection.

Ever since the 1980s, reclusive North Korea has been known to train cadres of digital soldiers to engage in electronic warfare and profiteering exploits against its perceived enemies, most notably South Korea and the United States. In more recent years, cybersecurity experts say, the North Koreans have spread these agents across the border into China and other Asian countries to help cloak their identities. The strategy also amounts to war-contingency planning in case the homeland is attacked.

Now this force of North Korean cyberhacking sleeper cells is under new scrutiny in connection with the ransomware assaults that have roiled much of the world over the past four days. New signs have emerged not only that North Koreans carried out the attacks but also that the targeted victims included China, North Korea’s benefactor and enabler.

As evidence mounts that North Korean hackers may have links to the ransom assaults that destroyed more than 200,000 computers, their motives appear twofold: financial gain — which does not appear to be turning out so well — and proof that Pyongyang has the means to cause significant damage, with or without a nuclear weapon.