The World’s Poorest Cyber Giant: North Korea’s Multi-Billion-Dollar Hacking Empire

Michael McManus

Photo credit: Roman Karak

This week marks the 80th anniversary of the founding of the Workers’ Party of Korea. The hermit tyranny regularly hosts extravagant parades to mark significant anniversaries, as it did on the 75th anniversary.

While the country is known for its bombastic military parades, long-range rockets, and nuclear threats, it is Pyongyang’s more silent statecraft that is one of its most dangerous tools. North Korea has one of the world’s best hacker units.

Indeed, North Korean hackers have netted over $2 billion in recent attacks. Impressive for a country that has a GDP of just $35 billion.

North Korea’s cyber operations are overseen by the country’s Reconnaissance General Bureau (RGB), and at the heart of Pyongyang’s cyber operations is the “Lazarus Group”. This is the nickname given to a group of elite hackers linked to the regime in North Korea, and is considered one of the most serious threats to global cyber security.

In the past, it raised money by hacking into banking systems in poor countries, where technology is rudimentary and software is often outdated and peppered with vulnerabilities.

A good example is North Korea’s theft of over $81 million from Bangladesh in 2016, or its thefts from Latin American banks. But recently, North Korea has targeted richer, more advanced countries, and the profits have been enormous, dwarfing the relative pocket change of the Bangladesh heist.

At first glance, North Korea is not an obvious candidate for cyber excellence. In sharp contrast to the hi-tech neon lights of South Korea, where high-speed internet and smartphones are omnipresent, North Korea belongs to a different era. But while North Korea’s impoverished and isolated population is cut off from technology, its military is certainly not.

Ironically, the fact that North Korea’s rivals are so technologically advanced makes them easier to attack.

In military terms, a society dependent on the internet and technology, with significant assets like crypto and databases on sensitive information, is “target rich” in a way that a backwards and isolated country like North Korea is not. In this sense, North Korea’s rivals are victims of their own success.

Pyongyang enjoys an asymmetric advantage.

North Korea’s cyber army has evolved from snatch-grab hacks on banks in developing countries to muscular and sophisticated breaches of some of the world’s most advanced and (on paper) well-protected cyber systems.

A good example is the United Arab Emirates (UAE), a country whose global orientation and modern technology are the antithesis of North Korea. In February 2025, Dubai-based crypto exchange Bybit lost $1.5 billion in a cyber-attack attributed to North Korea. This was in a similar vein to a 2017 operation in which North Korean hackers bankrupted South Korean crypto exchange Youbit, such was the attack’s scale.

North Korea has successfully penetrated the U.S.’s cybersecurity systems too. In July 2024, North Korean hacker Rim Jong Hyok was indicted by a Grand Jury in the U.S. for his role in multiple cyber-attacks, including one attack that allowed NASA’s computer system to be breached.

North Korea has clearly developed systems sufficiently powerful to bypass security in some of the world’s richest countries. More recently, Artificial Intelligence (AI) has allowed North Korea to strengthen its operations significantly.

In 2025, North Korean hackers used ChatGPT to generate fake South Korean military ID documents and then used these to trick sensitively-placed correspondents into email exchanges. As Sandy Kronenberg of cyber security firm Netarx warned, “An email with a forged attachment may be followed by a phone call or even a video appearance that reinforces the deception”.

While ChatGPT bans the use of its platform for this purpose, North Korean hackers carefully worded their prompts to bypass the restriction.

Pyongyang’s cyber operations punch significantly above their weight. The thefts from banks and crypto exchanges help provide cash for the heavily sanctioned, isolated, and impoverished state.

As these events have shown, their attacks can penetrate sophisticated cyber security in enemy nations, including at NASA and in Seoul. This has huge ramifications for security in the Indo-Pacific and beyond.

A 2017 hack successfully stole the “U.S.-South Korea Operation Plans 5015” – which detail the war plans South Korea and the U.S. would use in the event of war with North Korea.

As North Korea embraces AI, we can expect more dangers to emerge from a kingdom that, despite its hermit status, is a world leader in cyber warfare.

Michael McManus is Director of Research at The Henry Jackson Society.

michael.mcmanus@henryjacksonsociety.org
