North Korea is militarily isolated and economically sanctioned, yet it uses cyber operations as an important component of its strategy to raise money and fund its military programs. A portion of these revenues has flowed directly into the country's missile and nuclear program, according to UN reports. The exact amount of cryptocurrency stolen by North Korean hackers in recent years remains unclear, as does the specific military programs funded beyond the missile and nuclear program.
International recognition of North Korea as a major cyber threat is widespread. North Korea is one of the most active actors worldwide in cyberspace according to experts. The United Kingdom views North Korea as a serious cyber threat alongside China, Russia, and Iran, considering them the four main actors, according to James Sullivan, Cyber Director of RUSI.
US agencies such as the NSA and CISA regularly warn about North Korean hacker groups. The effectiveness of international sanctions in curbing North Korea's cyber activities is not fully known. Targeting of cryptocurrency platforms and critical infrastructure for financial gain is a hallmark of North Korean cyber activities.
North Korean hackers are particularly active in attacks on cryptocurrency platforms according to international security agencies and analysts. North Korean groups target crypto exchanges, banks, and IT service providers to steal large sums of money to finance various state programs, according to multiple cybersecurity analyses. North Korea has targeted critical infrastructure in the past to achieve financial gains, according to James Sullivan.
The so-called Lazarus Group is frequently mentioned as being responsible for several large-scale cyberattacks, though the identity and leadership of the group beyond its attribution to North Korea are uncertain. The current scale of cooperation between North Korean hackers and Russia is also not confirmed.