That all nations spy is a commonplace, and the internet has provided them a great tool to do so. So it is unsurprising that the North Koreans would turn to it. What is surprising, given the general backwardness of the country, is how successful at it they have become. For instance, it was recently disclosed that the NKs had successfully stolen South Korea's war plans in case of conflict with it, including its decapitation plans to take out NK leadership in case of war.
In addition, recently other nations have begun to hack into the civilian industrial infrastructure of potential adversaries to plant "sleeper" programs designed to be activated upon command to cripple and otherwise destroy that infrastructure as desired. We know that the Iranians, for instance, had successfully hacked into some upstate NYS dam, allowing it to either release flood waters or to destroy the dam machinery. It is highly probable that the Norks are acting similarly (as are we, the Russians, Chinese, and God knows who else).
But what makes NK's cyber operations so uniquely threatening is their use of them purely for reasons of financial gain - stealing money to fund the state. North Korea attempted to steal $1 billion from monies Bangladesh had on deposit at the Federal Reserve, eventually making off with $81 million, an unprecedented move by a nation state to steal money from another sovereign state with whom it is not in conflict.
Beyond that, North Korea has also taken to stealing from private citizens and organizations of other countries as well. It is now one of the leading sources of ransomware and other internet scams around the world. Nor are they careful to restrict what gets affected by that. Remember that recent ransomware attack, the largest in history, that crippled Britain's National Health Service? Critical medical tests and procedures affected. North Korea's work. British intelligence has estimated that NK cybertheft brings in $1 billion per year, 1/3 of its export earnings.
Even more bizarre is the way in which NK uses its state capabilities to hit private actors elsewhere for reasons of pique. It destroyed 70% of SONY Pictures' network and stole an immense amount of data and product in retaliation for a forgettable Seth Rogen movie in which Kim Jong Un was treated in a way the Norks didn't like. They similarly tried to attack Britain's Channel Four to stop a documentary it was producing about a British scientist's kidnapping in NK.
We all remember Stuxnet, that joint American-Israeli operation wherein we used cyber to attack Iran's nuclear program. Unwilling to attack it militarily, the Bush Administration devised a way to introduce a computer virus into the industrial control equipment of Iran's centrifuges, degrading and destroying them, for which we needed the help of Israeli agents in place to implant it.
The original virus was designed by us to affect only those systems we specified and to do so in such fashion as to present no pattern tipping off those infected that they had been. And it operated successfully and stealthily for years without the Iranians twigging to their problem. But at some point the Israelis apparently got impatient and modified the virus to speed up what got infected and how quickly it would be destroyed. Which resulted in it being discovered by cyber security agencies, Iran finding and ending the penetration, and Iran obtaining its code for its own use and that of its friends, for potential eventual use against us.
The point being that it had now been made apparent that states could use cyber to attack adversaries' infrastructure without necessarily being caught. And the temptation is for everyone to use it. Previously, if State A wanted to hit State B, it would have had to either bomb them or to undertake risky clandestine operations running the high risk of being discovered and retaliation ensuing. Now, many states believe they might be able to hurt others in ways they could not previously and get away with it.
But lack of proof as to their involvement does not remove suspicion. And what one state does to another without attribution, the latter can do back equally without attribution. It is not difficult to foresee a situation in which someone does something a little too cute, resulting in retaliation (maybe even against an uninvolved party) that ultimately results in deaths and warfare, something that would not have happened had the first party not been so sure its actions were risk free.
Now North Korea has developed all those capabilities and is getting better year by year. At one point, a sizable proportion of NK's UN delegation in NYC had signed up for computer courses at local universities, with the ironic result that we have, albeit unknowingly, trained NK hackers to attack us. And, in order to avoid us simply isolating NK from the internet, they have scattered their cyber agents to other countries. A large proportion of NK cyber attacks now emanate from India, from NK agents living there, and many of these attacks are routed through servers in other countries, such as New Zealand. So how do we find them?
In years past, larger and more powerful countries would be relatively immune from attack by smaller countries. But, depending on the targets, now a small country with a capable cyber operation could potentially wreak devastating damage upon the larger at will. This might be comforting to a smaller nation looking to defend itself, but such capability in the possession of nut jobs is another thing altogether.
And this creates problems in foreign affairs as well. One of the proposed solutions to resolve the threat of NK's nuclear program is to regularize diplomatic relations with them, recognize their government and guarantee not to strike it in return for assurances on its nukes. But how can we do so when it is essentially acting as a criminal enterprise, counterfeiting billions of US $100 bills, kidnapping and killing, and using state capabilities to steal money from other states and from private individuals?