North Korea’s cyber capabilities have evolved dramatically in recent years, progressing beyond simple hacking to encompass public opinion manipulation, military technology theft, and cryptocurrency mining. The country increasingly deploys IT workers in sophisticated “asymmetric operations” that face few geographic or temporal constraints and are difficult to trace.
The regime recently established the “227 Research Center” under the Reconnaissance General Bureau of the Korean People’s Army. This lab functions around the clock, providing immediate responses to information from overseas hacking groups. This development indicates North Korean authorities now view cyber warfare as essential to regime survival.
From Intelligence Collection to Opinion Manipulation: ‘Building Military, Economic and Scientific Power’
According to a Daily NK source within North Korea, the country’s overseas IT workers are far more than technical specialists. They function as cyber warriors executing state strategy in the digital realm. Their responsibilities are strictly compartmentalized according to strategic objectives, with personnel carrying out various missions including hacking, intelligence gathering, financial crimes, and public opinion manipulation.
“Cyber warriors primarily aim to collect or steal critical intelligence, including military, economic, and scientific technology from enemy forces, and convert it into usable resources,” the source explained. “Through these efforts, the state aims to establish itself as a military, economic, and scientific powerhouse.”
The responsibilities of North Korea’s cyber operatives break down as follows:
- Gathering intelligence on latest technological trends (20%)
- Espionage activities targeting personal information of key political, military, and economic figures (15%)
- Public opinion manipulation to create social discord (25%)
- Financial hacking for foreign currency acquisition (20%)
- Cryptocurrency theft (20%)
These roles are systematically allocated according to the strategic priorities of North Korean authorities.
North Korea’s cyber warriors respond swiftly to directives from the regime. “In late January, authorities issued orders to increase focus on manipulating U.S. public opinion, cryptocurrency hacking, and fraudulent employment schemes, along with intelligence theft,” the source revealed.
Given that President Donald Trump began his second term in late January, this suggests North Korea has intensified cyber operations designed to amplify social divisions within the United States—North Korea’s primary adversary—and weaken international sanctions solidarity against Pyongyang.
The Evolution of Psychological Warfare
North Korean cyber attacks have expanded into subtle psychological operations designed to foment internal discord in targeted countries. These cyber operatives employ various techniques to manipulate public opinion while protecting the North Korean regime.
“Public opinion operations represent our highest priority, with the core objective being to promote internal division among enemy forces while disseminating favorable images of our state,” the source disclosed.
According to the source, North Korean cyber warriors impersonate foreign media outlets to produce fake news on sensitive topics including political tensions, racial issues, and economic inequality. They distribute this content across social media platforms and online communities to exacerbate internal tensions within enemy nations.
Military Goals and Regime Preservation Through Cyber Attacks
North Korean cyber warriors also conduct attacks to achieve military objectives. “Acquiring nuclear and missile technology ranks among our core missions for ensuring military and defense success,” the source stated. “A primary strategy involves hacking internal networks of research institutions, defense contractors, and military-related companies through spear-phishing to extract critical technical data.”
In 2014, North Korean operatives stole significant missile-related technology by infiltrating a South Korean defense company’s internal network. The cyber warriors responsible received the Order of the Flag, First Class and substantial financial rewards for their contribution to the state.
North Korea continues attempting to infiltrate research agencies and defense companies in major countries including South Korea, the United States, and Japan. Last April, the National Security Investigation Bureau of South Korea’s National Office of Investigation confirmed that North Korean hacking groups had conducted comprehensive attacks against approximately ten local defense companies to steal military technology.
Financial Crime as Foreign Currency Source
Facing difficulties securing foreign currency due to international sanctions, North Korea increasingly relies on cyber financial crime as a crucial source of foreign exchange, with its hackers developing increasingly sophisticated methods of theft.
Daily NK reported that dozens of young researchers from Kim Il Sung University’s Information Technology Institute were dispatched to China and Southeast Asia in mid-January. These researchers were primarily tasked with earning foreign currency through overseas web design, app development, and cryptocurrency projects.
“Cyber warriors can undertake side jobs with state permission,” the source explained. “The state overlooks their private activities provided they don’t undermine state authority or reveal their identities. This policy helps secure additional foreign currency.”
Under this arrangement, North Korea’s cyber operatives illegally acquire millions of U.S. dollars annually. According to a March report from the U.N. Security Council’s North Korea Sanctions Committee, North Korea obtained an estimated $3 billion in stolen cryptocurrency through cyberattacks between 2017 and 2023.
North Korean cyber warriors view cryptocurrency as a “lifeline” for obtaining foreign currency essential to regime preservation. They continuously conduct direct and indirect attacks on cryptocurrency exchanges, engage in illegal cryptocurrency mining, and target network firewalls.
“As of January 2024, hackers were attempting to attack U.S. bitcoin mining company CleanSpark as ordered, and are now targeting bitcoin investment company MicroStrategy (now called Strategy) following new directives,” the source revealed, indicating ongoing attacks against prominent cryptocurrency-related businesses.
Expert Assessment and International Response
Experts note that North Korea’s cyber activities have grown increasingly sophisticated, evolving beyond simple financial crime to become an essential strategy for regime maintenance. They emphasize that the international community must strengthen surveillance and response mechanisms, as North Korean hacking now poses a threat to the global financial system.
“North Korea’s cyber attacks require a coordinated response through information sharing and cooperation, as they represent not merely individual national concerns but direct threats to international security,” stated one cyber security expert who requested anonymity. “To enhance response capabilities against cybercrime and hacking, intelligence agencies and cyber security experts worldwide must analyze North Korea’s attack patterns and develop effective countermeasures.”
“Global financial institutions urgently need to collaborate to counter North Korea’s cryptocurrency theft and financial crimes,” the expert added. “Financial agencies and cryptocurrency exchanges must elevate their security protocols and aggressively block suspicious transactions linked to North Korea.”
March 28, 2025 at 06:00AM
by DailyNK(North Korean Media)