3 things you need to know about North Korean cyber activity

The world has witnessed a proliferation of cyber threats and attacks in the last 12 months – many from state-sponsored actors, and many of those backed by North Korea.

David Hollingworth
Tue, 29 Aug 2023

North Korea is one of the most notorious players in this area. North Korean cyber activity has garnered international attention for its audacity and sophistication.

Here are three essential things you need to know:

1. State-sponsored cyber operations


North Korea has leveraged state-sponsored cyber operations as a means to generate income and advance its political agenda for over a decade. These operations are typically carried out by a secretive unit within the country’s intelligence apparatus known as the Reconnaissance General Bureau. Their primary focus is on financial cyber crime, including hacking financial institutions and cryptocurrency exchanges. North Korean hackers have been implicated in the theft of hundreds of millions of dollars through these activities.

But it’s not all about money.

One of the most notorious examples is the 2014 cyber attack on Sony Pictures Entertainment. This attack – believed to be retaliation for a film depicting the fictional assassination of North Korea’s leader, Kim Jong-un – resulted in the leaking of sensitive documents, emails, and unreleased films. The incident exposed North Korea’s growing cyber capabilities and its willingness to deploy them on a global scale.

2. APT groups and Lazarus

North Korea’s cyber operations are often carried out by advanced persistent threat (APT) groups, with the most infamous being the Lazarus Group. Lazarus has been linked to numerous high-profile cyber attacks, including the 2017 WannaCry ransomware attack and the 2016 Bangladesh Bank heist, which resulted in the theft of over US$80 million.

One distinctive feature of North Korean cyber activity is its ability to disguise its origins. These groups often employ tactics such as routing their attacks through servers in other countries and using stolen digital certificates to make their malware appear legitimate. This makes attribution challenging but not impossible, and security experts continue to monitor North Korean activities closely.

3. Geopolitical motivations

As well as bringing money into the country, North Korean cyber operations are also a powerful tool for advancing the country’s geopolitical objectives. North Korea has been accused of conducting cyber espionage operations against South Korea, the United States, Japan, and other nations. These operations aim to steal sensitive information, gain a strategic advantage, and undermine its adversaries.

Additionally, North Korea has increasingly turned to cryptocurrency theft as a means of circumventing international sanctions. By stealing cryptocurrency, the regime can obtain funds outside the traditional banking system, enabling it to finance its activities and evade economic pressure.

Understanding and countering North Korean cyber threats remain critical for the security of nations and the global economy. It’s a reminder that cyber security is not just a technical challenge but a complex geopolitical one as well.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
