• Research
  • Strategic Europe
  • About
  • Experts
Carnegie Europe logoCarnegie lettermark logo
EUDemocracy
  • Donate
{
  "authors": [
    "Taylor P. Brooks",
    "Taylor P. Brooks"
  ],
  "type": "legacyinthemedia",
  "centerAffiliationAll": "dc",
  "centers": [
    "Carnegie Endowment for International Peace"
  ],
  "collections": [
    "Korean Peninsula",
    "Cyber and Digital Policy"
  ],
  "englishNewsletterAll": "ctw",
  "nonEnglishNewsletterAll": "",
  "primaryCenter": "Carnegie Endowment for International Peace",
  "programAffiliation": "NPP",
  "programs": [
    "Nuclear Policy",
    "Technology and International Affairs"
  ],
  "projects": [],
  "regions": [
    "East Asia",
    "China",
    "North Korea",
    "Iran"
  ],
  "topics": [
    "Security",
    "Foreign Policy",
    "Technology",
    "Nuclear Policy"
  ]
}

Source: Getty

In The Media

Why China Needs to Rein in North Korea’s Hackers

Reigning in North Korean hackers is consistent with China’s cyberpolicy and boosts security on the Korean peninsula.

Link Copied
By Taylor P. Brooks and Taylor P. Brooks
Published on Feb 5, 2016

Source: Christian Science Monitor

During Secretary of State John Kerry's visit to Beijing last week, China's Foreign Minister Wang Yi made clear that his country would not support increasing sanctions on North Korea after its recent nuclear test.

Yet Secretary Kerry remained determined to find some sort of response that is "nonpunitive to the people of North Korea but nevertheless effective." While both sides have discussed a number of options, one that needs much more attention is what China can do to blunt North Korea's advancing cyberwarriors.

North Korea’s cyber capabilities have developed unchecked and its hackers have found safe haven in China, leaving Beijing in a unique position to rein in the Hermit Kingdom's digital attacks aimed at disrupting the status quo. 

In recent years, North Korea's increasingly sophisticated cybercapabilities have become favored tools for advancing its agenda and are worth a closer look. Kim Jong-Un reportedly views cyberoperations as his "magic weapon" giving the North a low-risk, low-intensity means of disrupting the status quo. 

North Korea's cybertargets have varied widely. They've taken aim at South Korean banks, broadcasting companies, US government networks, and famously, Sony Pictures Entertainment. Analysts attribute much of North Korea's cyberoffense to its clandestine Reconnaissance General Bureau (RGB) Bureau 121. 

The RGB's responsibilities have grown in recent years as the North Korean leadership continues to place greater value on cybercapabilities. Many recent activities have evolved from low-level disruptions of government networks to higher intensity attacks that have much more extensive security implications. In December 2014, an intrusion into the networks of a South Korean nuclear power plant was traced back to an IP address located in the northeastern Chinese province of Liaoning, which borders North Korea. Later, social media accounts associated with North Korea threatened to release sensitive communications and data stolen from the hack, and even to shut down the reactors themselves.

North Korea also uses its cybercapabilities to raise foreign currency to support the cash-strapped Kim regime. North Koreans operate illegal gambling websites and sell malware-laden software to foreigners that surreptitiously reroutes money into North Korea. In 2014, Cambodian police arrested 15 North Koreans for transferring $8.5 million to Pyongyang through illegal gambling websites based in Phnom Penh.

Later that year, police arrested three men in South Korea for buying illegal gambling software from China-based North Korean operatives. Instead of cheating gamblers, it installed the same malware used to conduct denial-of-service attacks on South Korean banks the year before. 

One roadblock to North Korea's plan is its limited Internet infrastructure. With only one physical connection point to the global internet and a limited set of assigned IP addresses, North Korean activities are fairly easy for foreign governments to monitor, and its Internet access may even be susceptible to hostile blackouts. To overcome these limitations, North Korea has sent its cyber experts to conduct offensive operations and theft from more advanced and connected networks around the world, particularly in China. 

This raises a number of thorny questions. Is China not aware of the scope of the problem? If it is, why is it tolerating this behavior? Perhaps China is aware but unable to stop the activities. The reports detailing nefarious North Korean cyberactivities emanating from Chinese networks are widely available so the Chinese government surely knows that these activities are occurring. The ability of these cyber experts to operate in China allows North Korea to pursue its strategy of funding the regime while degrading security on the Korean peninsula. China has a responsibility to address this issue. 

One promising sign is the acceleration in the development of global norms and principles of responsible state behavior in cyberspace during the past year. China itself has played a leading role in this development, beginning with its involvement in the fourth United Nations Group of Governmental Experts on Information Security (GGE) report. Since then, a number of developments in China's cyberpolicy suggest that it may be ready to move away from its policy of tolerance toward North Korea’s hackers.

China has endorsed an emerging consensus that states should not allow hackers to use its territory to harm other nations' critical infrastructure and important networks. It has affirmed this principle on multiple occasions with the US, Britain, Germany, and at the G20. Then at the World Internet Conference in December, President Xi took a hard line on "cyberspace sovereignty," demanding that governments retain legal and political control over the networks, data, and information located within their sovereign territory. 

Despite these developments, China appears to be ignoring North Korean hackers. In doing so, China is at best failing to meet its commendable public commitments. Taking steps to ensure its actions match the commitments it has made would be a benefit to China in light of the increasingly prominent role it hopes to play in the region and beyond.

A tougher Chinese posture would bolster its position as a global leader in the development of cybernorms, and give credence to its assertions of sovereignty in cyberspace. 

This article was originally published in Christian Science Monitor.

About the Authors

Taylor P. Brooks

Former Herbert Scoville Jr. Peace Fellow, Nuclear Policy Program

Taylor P. Brooks was a Herbert Scoville Jr. peace fellow in the Nuclear Policy Program at the Carnegie Endowment for International Peace.

Taylor P. Brooks

Former Herbert Scoville Jr. Peace Fellow, Nuclear Policy Program

Taylor P. Brooks was a Herbert Scoville Jr. peace fellow in the Nuclear Policy Program at the Carnegie Endowment for International Peace.

Authors

Taylor P. Brooks
Former Herbert Scoville Jr. Peace Fellow, Nuclear Policy Program
Taylor P. Brooks
Taylor P. Brooks
Former Herbert Scoville Jr. Peace Fellow, Nuclear Policy Program
Taylor P. Brooks
SecurityForeign PolicyTechnologyNuclear PolicyEast AsiaChinaNorth KoreaIran

Carnegie does not take institutional positions on public policy issues; the views represented herein are those of the author(s) and do not necessarily reflect the views of Carnegie, its staff, or its trustees.

More Work from Carnegie Europe

  • Commentary
    Strategic Europe
    Why Europe Cannot Negotiate a New Yalta with Russia

    While Russia is not ready to sue for peace on Europe’s terms, it could still either seek a ceasefire in Ukraine or try escalation. Brussels needs to prepare for both and prioritize that preparation over normative discussions.

      Kadri Liik

  • Agentic AI Anthropic bot
    Paper
    When AI Agents Attack: Autonomous Cyber Operations and Europe’s Governance Gap

    Autonomous AI agents are increasingly prevalent in cyberspace. The EU needs a real-time monitoring strategy, to invest in AI defenses, and to reduce its strategic dependence on U.S. frontier models.

      Raluca Csernatoni, Patryk Pawlak

  • Turkey ship Istanbul Bosporus Straits Black Sea
    Article
    Managing Montreux: Turkey and the Russia-Ukraine War in the Black Sea

    For ninety years, Turkey has been positioned as the principal gatekeeper of Black Sea security. As a result, European and NATO efforts to support Ukraine will require closer engagement with Ankara.

      Thomas de Waal

  • Commentary
    Strategic Europe
    Geopolitical Europe Needs Air-Conditioning

    Western Europe’s dual-use infrastructure melted down during its latest heat wave. If a predicted hot weather event can take the continent by surprise, what chance does it have to withstand unexpected geopolitical crises?

      • Rym Momtaz

      Rym Momtaz

  • Commentary
    Strategic Europe
    The Trump-Shaped Hole in the European Security Strategy

    There is an elephant in the room when it comes to the EU’s upcoming security strategy: Donald Trump. Unless European leaders acknowledge the depth of the transatlantic crisis, true autonomy will remain out of reach.

      Stefan Lehne

Get more news and analysis from
Carnegie Europe
Carnegie Europe logo, white
Rue du Congrès, 151000 Brussels, Belgium
  • Research
  • Strategic Europe
  • About
  • Experts
  • Projects
  • Events
  • Contact
  • Careers
  • Privacy
  • For Media
  • Gender Equality Plan
Get more news and analysis from
Carnegie Europe
© 2026 Carnegie Endowment for International Peace. All rights reserved.