London Daily

Focus on the big picture.
Thursday, Sep 18, 2025

The Incredible Rise of North Korea’s Hacking Army

The Incredible Rise of North Korea’s Hacking Army

Shimomura was a member of the Yamaguchi-gumi, the largest yakuza crime family in Japan. When one of his superiors asked him if he wanted to make a pile of fast money, he naturally said yes.
It was May 14, 2016, and Shimomura was living in the city of Nagoya. Thirty-two years old and skinny, with expressive eyes, he took pride in his appearance, often wearing a suit and mirror-shined loafers. But he was a minor figure in the organization: a collector of debts, a performer of odd jobs.

The superior assured him that the scheme was low risk, and instructed him to attend a meeting that evening at a bar in Nagoya. (Shimomura, who has since left the Yamaguchi-gumi, asked to be referred to only by his surname.) When Shimomura showed up, he found three other gangsters, none of whom he knew. Like many yakuza, he is of Korean descent, and two of the others were also Korean-Japanese; for a while, they spoke in Korean. The superior finally arrived, and the five men moved into a private room. Each volunteer was given a plain white credit card. There was no chip on the card, no numbers, no name—just a magnetic strip.

The superior read instructions from a thin manual: early the next morning, a Sunday, they should go to any 7-Eleven and use their white card at the store’s A.T.M. They could not use a regular bank A.T.M., or one in another convenience store. The gangsters should each withdraw a hundred thousand yen at a time (about nine hundred dollars) but make no more than nineteen transactions per machine. If anybody made twenty withdrawals from a single A.T.M., his card would be blocked. Withdrawals could start at 5 a.m. and continue until 8 a.m. The volunteers were told to choose the Japanese language when prompted—an indication, Shimomura realized, that the cards were foreign. After making nineteen withdrawals, they should wait an hour before visiting another 7-Eleven. They could keep ten per cent of the cash. The rest would go to the bosses. Finally, each volunteer was told to memorize a pin.

On Sunday morning, Shimomura rose early, and dressed in jeans, sunglasses, a baseball cap, and an old T-shirt. He walked to a 7-Eleven, where he bought a rice ball and a Coke, to settle himself. He inserted the card into the A.T.M. When the screen asked him which language he preferred, he felt a tremor of nerves while selecting “Japanese.” He withdrew a hundred thousand yen, then another, and then another. There was nobody else in the store apart from the guy at the register, who didn’t seem interested in him.

After making the first withdrawal, Shimomura printed a receipt. He saw a foreign name on the paper—he couldn’t tell what nationality the name was, but he knew it wasn’t Japanese—then stuffed the receipt in his pocket. Around 8 a.m., having completed a total of thirty-eight withdrawals at several A.T.M.s in the area, he headed home, waddling because of his bulging pockets: 3.8 million yen is a lot of cash. Shimomura took his ten per cent—about thirty-five hundred dollars—and stashed it in a drawer in his apartment. At 3 p.m., he met his superior to deliver the remaining money. (Later, he discovered that one of the other gangsters had absconded with the money and the card.)

The superior told Shimomura that he would retain five per cent of what his volunteers brought in and send the rest of the cash to his bosses. When Shimomura handed over his money, he sensed that the superior had enlisted many others. He was right. As the newspapers soon reported, more than sixteen million dollars was withdrawn from roughly seventeen hundred 7-Eleven A.T.M.s across Japan that morning, using data stolen from South Africa’s Standard Bank. The newspapers surmised that 7-Elevens had been targeted because they were the only convenience stores in Japan whose cash terminals all accepted foreign cards. Soon after the raids, the withdrawal limit for many A.T.M.s in the country was reduced to fifty thousand yen.

Shimomura deduced that he had been at the bottom of the food chain in the scam. The real money-makers were much higher up. What he did not know, until an interview with this magazine last year, was the identity of the villains at the top of the chain. Shortly after the A.T.M. thefts, according to Japanese police, the ringleader of the 7-Eleven operation crossed from China into North Korea. Shimomura had unwittingly been collecting money for the Korean People’s Army, as part of a racket that became known as FASTCash.

In satellite images of East Asia at night, lights blare almost everywhere, except in one inky patch between the Yellow Sea and the Sea of Japan, and between the thirty-eighth and the forty-third parallels: North Korea. Only Pyongyang, the capital, emits a recognizably modern glow. The dark country is one of the last nominally Communist nations in the world—a Stalinist personality cult centered on Kim Jong Un, the peevish, ruthless scion of the dynasty that has ruled North Korea since 1948, after the peninsula was divided. The D.P.R.K. purports to be a socialist autarky founded on the principle of juche, or self-reliance. Its borders are closed and its people sequestered. Foreigners find it profoundly difficult to understand what is happening inside North Korea, but it is even harder for ordinary North Korean citizens to learn about the outside world. A tiny fraction of one per cent of North Koreans has access to the Internet.

Yet, paradoxically, the North Korean government has produced some of the world’s most proficient hackers. At first glance, the situation is perverse, even comical—like Jamaica winning an Olympic gold in bobsledding—but the cyber threat from North Korea is real and growing. Like many countries, including the United States, North Korea has equipped its military with offensive and intelligence-gathering cyber weapons. In 2016, for instance, military coders from Pyongyang stole more than two hundred gigabytes of South Korean Army data, which included documents known as Operational Plan 5015—a detailed analysis of how a war with the country’s northern neighbor might proceed, and, notably, a plot to “decapitate” North Korea by assassinating Kim Jong Un. The breach was so egregious that Kim Tae-woo, a former president of the Korea Institute for National Unification, a think tank in Seoul, told the Financial Times, “Part of my mind hopes the South Korean military intentionally leaked the classified documents to the North with the intention of having a second strategy.”

North Korea, moreover, is the only nation in the world whose government is known to conduct nakedly criminal hacking for monetary gain. Units of its military-intelligence division, the Reconnaissance General Bureau, are trained specifically for this purpose. In 2013, Kim Jong Un described the men who worked in the “brave R.G.B.” as his “warriors . . . for the construction of a strong and prosperous nation.”

North Korea’s cybercrime program is hydra-headed, with tactics ranging from bank heists to the deployment of ransomware and the theft of cryptocurrency from online exchanges. It is difficult to quantify how successful Pyongyang’s hackers have been. Unlike terrorist groups, North Korea’s cybercriminals do not claim responsibility when they strike, and the government issues reflexive denials. As a result, even seasoned observers sometimes disagree when attributing individual attacks to North Korea. Nevertheless, in 2019, a United Nations panel of experts on sanctions against North Korea issued a report estimating that the country had raised two billion dollars through cybercrime. Since the report was written, there has been bountiful evidence to indicate that the pace and the ingenuity of North Korea’s online threat have accelerated.

According to the U.N., many of the funds stolen by North Korean hackers are spent on the Korean People’s Army’s weapons program, including its development of nuclear missiles. The cybercrime spree has also been a cheap and effective way of circumventing the harsh sanctions that have long been imposed on the country. In February, John C. Demers, the Assistant Attorney General for the National Security Division of the Justice Department, declared that North Korea, “using keyboards rather than guns,” had become a “criminal syndicate with a flag.”
Newsletter

Related Articles

0:00
0:00
Close
Macron and his wife to provide 'scientific photographic evidence' that she is a real woman
US Tech Giants Pledge Billions to UK AI Infrastructure Following Starmer's Call
Saudi Arabia cracks down on music ‘lounges’ after conservative backlash
DeepMind and OpenAI Achieve Gold at ‘Coding Olympics’ in AI Milestone
SEC Allows Public Companies to Block Investors from Class-Action Lawsuits
Saudi Arabia Signs ‘Strategic Mutual Defence’ Pact with Pakistan, Marking First Arab State to Gain Indirect Access to Nuclear Strike Capabilities in the Region
Federal Reserve Cuts Rates by Quarter Point and Signals More to Come
Effective and Impressive Generation Z Protest: Images from the Riots in Nepal
European manufacturers against ban on polluting cars: "The industry may collapse"
Sam Altman sells the 'Wedding Estate' in Hawaii for 49 million dollars
Trump: Cancel quarterly company reports and settle for reporting once every six months
Turkish car manufacturer Togg Enters German Market with 5-Star Electric Sedan and SUV to Challenge European EV Brands
US Launches New Pilot Program to Accelerate eVTOL Air Taxi Deployment
Christian Brueckner Released from German Prison after Serving Unrelated Sentence
World’s Longest Direct Flight China Eastern to Launch 29-Hour Shanghai–Buenos Aires Direct Flight via Auckland in December
New OpenAI Study Finds Majority of ChatGPT Use Is Personal, Not Professional
Hong Kong Industry Group Calls for HK$20 Billion Support Fund to Ease Property Market Stress
Joe Biden’s Post-Presidency Speaking Fees Face Weak Demand amid Corporate Reluctance
Charlie Kirk's murder will break the left's hateful cancel tactics
Kash Patel erupts at ‘buffoon’ Sen. Adam Schiff over Russiagate: ‘You are the biggest fraud’
Homeland Security says Emmy speech ‘fanning the flames of hatred’ after Einbinder’s ‘F— ICE’ remark
Charlie Kirk’s Alleged Assassin Tyler Robinson Faces Death Penalty as Charges Formally Announced
Actor, director, environmentalist Robert Redford dies at 89
The conservative right spreads westward: a huge achievement for 'Alternative for Germany' in local elections
JD Vance Says There Is “No Unity” with Those Who Celebrate Charlie Kirk’s Killing, and he is right!
Trump sues the 'New York Times' for an astronomical sum of 15 billion dollars
Florida Hospital Welcomes Its Largest-Ever Baby: Annan, Nearly Fourteen Pounds at Birth
U.S. and Britain Poised to Finalize Over $10 Billion in High-Tech, Nuclear and Defense Deals During Trump State Visit
China Finds Nvidia Violated Antitrust Laws in Mellanox Deal, Deepens Trade Tensions with US
US Air Force Begins Modifications on Qatar-Donated Jet Amid Plans to Use It as Air Force One
Pope Leo Warns of Societal Crisis Over Mega-CEO Pay, Citing Tesla’s Proposed Trillion-Dollar Package
Poland Green-Lights NATO Deployment in Response to Major Russian Drone Incursion
Elon Musk Retakes Lead as World’s Richest After Brief Ellison Surge
U.S. and China Agree on Framework to Shift TikTok to American Ownership
London Daily Podcast: London Massive Pro Democracy Rally, Musk Support, UK Economic Data and Premier League Results Mark Eventful Weekend
This Week in AI: Meta’s Superintelligence Push, xAI’s Ten Billion-Dollar Raise, Genesis AI’s Robotics Ambitions, Microsoft Restructuring, Amazon’s Million-Robot Milestone, and Google’s AlphaGenome Update
Le Pen Tightens the Pressure on Macron as France Edges Toward Political Breakdown
Musk calls for new UK government at huge pro-democracy rally in London, but Britons have been brainwashed to obey instead of fighting for their human rights
Elon Musk responds to post calling for the murder of Erika Kirk, widow of Charlie Kirk: 'Either we fight back or they will kill us'
Czech Republic signs €1.34 billion contract for Leopard 2A8 main battle tanks with delivery from 2028
USA: Office Depot Employees Refused to Print Poster in Memory of Charlie Kirk – and Were Fired
Proposed U.S. Bill Would Allow Civil Suits Against Judges Who Release Repeat Violent Offenders
Penske Media Sues Google Over “AI Overviews,” Claiming It Uses Journalism Without Consent and Destroys Traffic
Indian Student Engineers Propose “Project REBIRTH” to Protect Aircraft from Crashes Using AI, Airbags and Smart Materials
French Debt Downgrade Piles Pressure on Macron’s New Prime Minister
US and UK Near Tech, Nuclear and Whisky Deals Ahead of Trump Trip
One in Three Europeans Now Uses TikTok, According to the Chinese Tech Giant
Could AI Nursing Robots Help Healthcare Staffing Shortages?
NATO Deploys ‘Eastern Sentry’ After Russian Drones Violate Polish Airspace
Anesthesiologist Left Operation Mid-Surgery to Have Sex with Nurse
×