[PeterisP]

I specifically used NK as an example because it is already doing ransomware attacks (though not on the same scale) and while perhaps it might technically/legally be treated as "declaration of war", it is obviously not being treated that way. This would not be a novel thing, this be more of the same, just a bit larger target and larger impact. You could also look at all the other cases of state-sponsored malware causing damage; while technically those might be considered as an act of war, the precedent is that none of the cases have ever been treated by the victimized countries as such in practice. E.g. perhaps Iran complained about Stuxnet diplomatically, but it's not something that escalated to "kinetic action".

And even if it would, so what? It's not like USA is lacking some casus belli to attack NK; the major factors of whether some military action is worthwhile or not would stay the same after such a hack. This would work to deter Russia, who wants to be integrated in trade, but countries which already are isolated and/or already treated as hostile (for example, Iran) wouldn't care; if USA wanted a war there, then refraining from such a hack would not prevent it, and if USA doesn't consider a war there as profitable, then doing some hacks would not be treated as a larger threat than e.g. nuclear weapons development, so it wouldn't even be a significant escalation in the current bad relationships.