North Korean Hackers Take Aim at US-South Korean Joint Military Drills

North Korean leader Kim Jong Un oversaw the test-launch of a strategic cruise missile from a naval vessel, the country’s official Korean Central News Agency reported Monday, just as South Korea and the US are set to begin annual military exercises.

(Bloomberg) — North Korean leader Kim Jong Un oversaw the test-launch of a strategic cruise missile from a naval vessel, the country’s official Korean Central News Agency reported Monday, just as South Korea and the US are set to begin annual military exercises.

“At the drill aimed to reconfirm the combat function of the ship and the feature of its missile system and make the seamen skilled at carrying out the attack mission in actual war, the ship rapidly hit target without even an error,” KCNA reported.

South Korea’s Joint Chiefs of Staff called the KCNA report “untrue” and exaggerated, adding in a statement that the “South Korea military will conduct the planned joint exercises thoroughly and intensively.”

KCNA didn’t provide details on the type or number of cruise missiles used, or specify the date of the action. North Korea isn’t barred by United Nations resolutions from cruise missile tests. 

Kim, who reportedly observed the test from another vessel, was cited by KCNA as saying, “All the surface and underwater warship units of the Navy should thoroughly keep constant mobility and steadily increase the capability for actual war.”

News of the test-launch comes amid stepped up efforts by North Korea to gain classified information regarding the joint military exercises. North Korean hackers tried to infiltrate security-related computers to obtain information on joint US-South Korean military drills but apparently obtained no classified information, police in South Korea said Sunday.

Malicious emails were sent from suspected North Korean hackers from April of last year to employees at a company involved in joint military drills, the Gyeonggi Nambu Provincial Police said in a statement. The hackers in January were able to seize one of the employee’s accounts and install a code, but there are no indications they obtained sensitive material. 

The attempts to pilfer military data were unsuccessful, but some personal computers were affected, according to the statement. South Korean police concluded the case was linked to North Korea’s hacking group known as Kimsuky, which has used similar methods before.

The Kimsuky group focuses its intelligence collection activities on foreign policy and national security issues related to the Korean Peninsula, according to the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. 

The 11-day joint Ulchi Freedom Shield exercises are designed to prepare responses to various threats, using computer-simulation exercises, drills in the field and civilian-defense practice. South Korean police and US authorities have been investigating a string of e-mails originating from someone falsely claiming to represent the US military that were sent to South Korean employees at the US Armed Forces in South Korea in July ahead of the joint military drills, the statement from police said.

North Korea for decades has denounced joint drills as a preparation for invasion and Kim’s regime in recent years has stepped up its provocations to coincide with the exercises. His army of hackers has for years conducted cybercrimes and phishing campaigns to help procure funding for its weapons programs, hunting for information that could be of use to Pyongyang.

The drills come days after the leaders of the US, South Korea and Japan held a landmark summit at the Camp David presidential retreat in rural Maryland where they agreed on new steps to defend against North Korea’s nuclear and missiles threats. These include the sharing of real-time information of missile launches and bulking up joint military exercises among the three.

South Korea’s spy agency told lawmakers last week that Pyongyang appeared to be readying to test an intercontinental ballistic missile and smaller ones designed to deliver nuclear weapons. 

Pyongyang had already fired 24 ballistic missiles so far this year, which included four ICBMs that could hit the US mainland. Kim’s regime launched more than 70 ballistic missiles last year, a record for the state. 

Its hacker army has taken in about $200 million in cryptocurrency theft so far this year, accounting for over one-fifth of all the crypto heists in 2023, according to a report last week from the blockchain intelligence firm TRM Labs. 

Both the US and South Korea have accused Kim’s regime of deploying hackers to various corners of the world to fund its weapons programs.

They say these in-demand workers can make as much as $300,000 a year abroad — often remotely through freelance platforms with falsified or stolen identification — and can assist in enabling cyber attacks and cryptocurrency thefts that helped North Korea earn an estimated $1.7 billion in 2022.

–With assistance from Sangmi Cha and Seyoon Kim.

(Adds response from South Korea Joint Chiefs of Staff)

More stories like this are available on

©2023 Bloomberg L.P.