London Daily

Focus on the big picture.
Thursday, Jul 16, 2026

The Incredible Rise of North Korea’s Hacking Army

The Incredible Rise of North Korea’s Hacking Army

Shimomura was a member of the Yamaguchi-gumi, the largest yakuza crime family in Japan. When one of his superiors asked him if he wanted to make a pile of fast money, he naturally said yes.
It was May 14, 2016, and Shimomura was living in the city of Nagoya. Thirty-two years old and skinny, with expressive eyes, he took pride in his appearance, often wearing a suit and mirror-shined loafers. But he was a minor figure in the organization: a collector of debts, a performer of odd jobs.

The superior assured him that the scheme was low risk, and instructed him to attend a meeting that evening at a bar in Nagoya. (Shimomura, who has since left the Yamaguchi-gumi, asked to be referred to only by his surname.) When Shimomura showed up, he found three other gangsters, none of whom he knew. Like many yakuza, he is of Korean descent, and two of the others were also Korean-Japanese; for a while, they spoke in Korean. The superior finally arrived, and the five men moved into a private room. Each volunteer was given a plain white credit card. There was no chip on the card, no numbers, no name—just a magnetic strip.

The superior read instructions from a thin manual: early the next morning, a Sunday, they should go to any 7-Eleven and use their white card at the store’s A.T.M. They could not use a regular bank A.T.M., or one in another convenience store. The gangsters should each withdraw a hundred thousand yen at a time (about nine hundred dollars) but make no more than nineteen transactions per machine. If anybody made twenty withdrawals from a single A.T.M., his card would be blocked. Withdrawals could start at 5 a.m. and continue until 8 a.m. The volunteers were told to choose the Japanese language when prompted—an indication, Shimomura realized, that the cards were foreign. After making nineteen withdrawals, they should wait an hour before visiting another 7-Eleven. They could keep ten per cent of the cash. The rest would go to the bosses. Finally, each volunteer was told to memorize a pin.

On Sunday morning, Shimomura rose early, and dressed in jeans, sunglasses, a baseball cap, and an old T-shirt. He walked to a 7-Eleven, where he bought a rice ball and a Coke, to settle himself. He inserted the card into the A.T.M. When the screen asked him which language he preferred, he felt a tremor of nerves while selecting “Japanese.” He withdrew a hundred thousand yen, then another, and then another. There was nobody else in the store apart from the guy at the register, who didn’t seem interested in him.

After making the first withdrawal, Shimomura printed a receipt. He saw a foreign name on the paper—he couldn’t tell what nationality the name was, but he knew it wasn’t Japanese—then stuffed the receipt in his pocket. Around 8 a.m., having completed a total of thirty-eight withdrawals at several A.T.M.s in the area, he headed home, waddling because of his bulging pockets: 3.8 million yen is a lot of cash. Shimomura took his ten per cent—about thirty-five hundred dollars—and stashed it in a drawer in his apartment. At 3 p.m., he met his superior to deliver the remaining money. (Later, he discovered that one of the other gangsters had absconded with the money and the card.)

The superior told Shimomura that he would retain five per cent of what his volunteers brought in and send the rest of the cash to his bosses. When Shimomura handed over his money, he sensed that the superior had enlisted many others. He was right. As the newspapers soon reported, more than sixteen million dollars was withdrawn from roughly seventeen hundred 7-Eleven A.T.M.s across Japan that morning, using data stolen from South Africa’s Standard Bank. The newspapers surmised that 7-Elevens had been targeted because they were the only convenience stores in Japan whose cash terminals all accepted foreign cards. Soon after the raids, the withdrawal limit for many A.T.M.s in the country was reduced to fifty thousand yen.

Shimomura deduced that he had been at the bottom of the food chain in the scam. The real money-makers were much higher up. What he did not know, until an interview with this magazine last year, was the identity of the villains at the top of the chain. Shortly after the A.T.M. thefts, according to Japanese police, the ringleader of the 7-Eleven operation crossed from China into North Korea. Shimomura had unwittingly been collecting money for the Korean People’s Army, as part of a racket that became known as FASTCash.

In satellite images of East Asia at night, lights blare almost everywhere, except in one inky patch between the Yellow Sea and the Sea of Japan, and between the thirty-eighth and the forty-third parallels: North Korea. Only Pyongyang, the capital, emits a recognizably modern glow. The dark country is one of the last nominally Communist nations in the world—a Stalinist personality cult centered on Kim Jong Un, the peevish, ruthless scion of the dynasty that has ruled North Korea since 1948, after the peninsula was divided. The D.P.R.K. purports to be a socialist autarky founded on the principle of juche, or self-reliance. Its borders are closed and its people sequestered. Foreigners find it profoundly difficult to understand what is happening inside North Korea, but it is even harder for ordinary North Korean citizens to learn about the outside world. A tiny fraction of one per cent of North Koreans has access to the Internet.

Yet, paradoxically, the North Korean government has produced some of the world’s most proficient hackers. At first glance, the situation is perverse, even comical—like Jamaica winning an Olympic gold in bobsledding—but the cyber threat from North Korea is real and growing. Like many countries, including the United States, North Korea has equipped its military with offensive and intelligence-gathering cyber weapons. In 2016, for instance, military coders from Pyongyang stole more than two hundred gigabytes of South Korean Army data, which included documents known as Operational Plan 5015—a detailed analysis of how a war with the country’s northern neighbor might proceed, and, notably, a plot to “decapitate” North Korea by assassinating Kim Jong Un. The breach was so egregious that Kim Tae-woo, a former president of the Korea Institute for National Unification, a think tank in Seoul, told the Financial Times, “Part of my mind hopes the South Korean military intentionally leaked the classified documents to the North with the intention of having a second strategy.”

North Korea, moreover, is the only nation in the world whose government is known to conduct nakedly criminal hacking for monetary gain. Units of its military-intelligence division, the Reconnaissance General Bureau, are trained specifically for this purpose. In 2013, Kim Jong Un described the men who worked in the “brave R.G.B.” as his “warriors . . . for the construction of a strong and prosperous nation.”

North Korea’s cybercrime program is hydra-headed, with tactics ranging from bank heists to the deployment of ransomware and the theft of cryptocurrency from online exchanges. It is difficult to quantify how successful Pyongyang’s hackers have been. Unlike terrorist groups, North Korea’s cybercriminals do not claim responsibility when they strike, and the government issues reflexive denials. As a result, even seasoned observers sometimes disagree when attributing individual attacks to North Korea. Nevertheless, in 2019, a United Nations panel of experts on sanctions against North Korea issued a report estimating that the country had raised two billion dollars through cybercrime. Since the report was written, there has been bountiful evidence to indicate that the pace and the ingenuity of North Korea’s online threat have accelerated.

According to the U.N., many of the funds stolen by North Korean hackers are spent on the Korean People’s Army’s weapons program, including its development of nuclear missiles. The cybercrime spree has also been a cheap and effective way of circumventing the harsh sanctions that have long been imposed on the country. In February, John C. Demers, the Assistant Attorney General for the National Security Division of the Justice Department, declared that North Korea, “using keyboards rather than guns,” had become a “criminal syndicate with a flag.”
Newsletter

Related Articles

0:00
0:00
Close
Spain in Ecstasy: "We Feel Unbeatable, We Taught the Whole World a Lesson"
Spain and UK Dismantle Gibraltar Border Following Landmark Schengen Integration Treaty
Church of England Rejects Plan to Rewild Thirty Percent of Land by 2030
UK Parliament Examines Future of Gaelic Broadcasting in Scotland
Thames Water Faces Criticism Over Four Million Pounds in Bonus Payments
South East Water Crisis Puts UK Water Regulation Under Renewed Scrutiny
UK Report Highlights Racial Inequality in Homelessness Support Services
UK Government Defends Proposed Social Media Curfew for Teenagers Despite Criticism
Reform UK Gains Recognition as Major Political Party in New Polling
Labour Party Faces Internal Divisions Over Gaza Policy and Asylum Reform
Experts Warn UK Housing and Transport Infrastructure Is Unprepared for Rising Extreme Heat
UK Human Rights Committee Begins Review of Immigration and Asylum Bill
UK Parliament Launches Inquiry Into Declining High Streets Across England
Bank of England Governor Warns of Growing AI Risks to Global Financial Security
UK Public Finance Institutions Mobilize Fifty Billion Pounds to Support Growth and Jobs
UK Parliament Opens Inquiry Into Long-Term Strategy Toward Russia
UK-India Trade Agreement Takes Effect With Zero-Duty Access for Nearly All Indian Exports
Forget Tinder: The Surprising Platform Where People Find Love
UK Government Faces Growing Debate Over Local Control of Immigration Enforcement
UK Biodiversity Forum Highlights Business Need to Protect Natural Environment
UK Parliament to Consider Workplace Temperature Limits Amid Climate Concerns
UK Parliament Considers Independent Immigration Appeals Authority Proposal
BBC Charter Renewal Scrutiny Intensifies as Parliament Reviews Broadcaster’s Future
Parliament Reviews Future of UK Maternity and Neonatal Care Services
UK-India Trade Accelerator Launched to Help Smaller Firms Expand Into Indian Market
UK Business Leaders Meet in Edinburgh to Address Economic Risks From Biodiversity Loss
UK Parliament Prepares for Sir Keir Starmer’s Final Prime Minister’s Questions Before Leadership Transition
Green Party-Led Lewisham Council Moves Against Cooperation With Home Office Immigration Raids
UK Government Faces Parliamentary Pressure Over Capita Contracts in Shared Services Programme
UK Economy Expected to See Modest Growth as OECD Highlights Fiscal and Global Risks
Public Accounts Committee Warns UK Government’s Four Point Three Billion Pound Shared Services Plan Risks Failure
EU and UK Sign Agreement Removing Gibraltar Border Controls After Years of Post-Brexit Uncertainty
OECD Warns UK Must Maintain Fiscal Discipline as Andy Burnham Prepares to Become Prime Minister
UK-India Free Trade Agreement Enters Into Force as Businesses Seek New Growth Opportunities
Harvard Astrophysicist to Lead U.S. Scientific Advisory on Unidentified Aerial Phenomena
On the Island That Did Not Yield to Trump, There Is No Electricity, and 10 Million Live in Darkness
Emergency Sirens Activated Across Bahrain as Interior Ministry Issues Shelter Directives
Key Trends to Watch
United Nations Expert Calls for Full Implementation of Supreme Court Ruling on Legal Definition of Sex
Industry Coalition Urges Labour Lawmakers to Back Continued North Sea Oil and Gas Production
Parliamentary Committee Calls for Tougher Restrictions on Unhealthy Food Advertising
Government Expands Awaab's Law to Cover Heat and Additional Housing Hazards
Energy Regulator Opens Independent Investigation Into National Grid Operator
United Kingdom and European Union Sign Landmark Gibraltar Border Agreement
Chancellor Unveils Financial Services Reform and Artificial Intelligence Strategy at Mansion House
Counterterrorism Police Take Over Investigation Into Killing of Former Minister Ann Widdecombe
Beer Industry Warns UK Rules Could Limit Growth of Alcohol-Free Market
Home Office Faces Legal Challenges Over Asylum Seeker Accommodation Closures
UK Heatwaves Linked to More Than Two Thousand Seven Hundred Deaths as Climate Debate Intensifies
Home Secretary Faces Pressure Over Political Security After Ann Widdecombe Murder Investigation
×