Cyber Threat Overview: North Korea

The Democratic People’s Republic of Korea (DPRK), commonly known as North Korea, has invested heavily in developing cyber capabilities to support its regime. Since Kim Jong Un's rise to power in 2011, cyber operations have become a national priority.

The DPRK engages in traditional espionage, targeting various countries to support military and weapons development. However, unlike other nations, the DPRK directs a major portion of its cyber activity toward generating revenue through cybercrime, which helps fuel its ambitions. Despite its isolation, North Korea has built a capable cyber force, funneling many of the country's top students into computer science and IT training.

DPRK cyber tactics

North Korea employs a range of cyber tactics to fund its regime, including cryptocurrency heists and utilizing its citizens as remote IT workers. DPRK cyber actors aggressively target companies in the cryptocurrency space with highly tailored, hard-to-detect social engineering campaigns, stealing billions of dollars in cryptocurrency in recent years. They use publicly available information to manipulate victims rather than relying solely on advanced malware.

Additionally, thousands of North Korean remote IT workers have attempted to gain employment with businesses and organizations across the United States, ranging from Fortune 500 companies to U.S. government agencies. They pose as non-North Korean nationals and often victimize American citizens by stealing their identities. This scheme generates substantial revenue for the DPRK regime, amounting to hundreds of millions of dollars annually. These remote IT workers are a significant threat, as they can facilitate data theft, extortion, and malware deployment.
