On 25 July, the UK National Cyber Security Centre Centre (NCSC) issued a warning that North Korea is sponsoring cyber operations on critical infrastructure and organisations. The NCSC warning coincided with similar warnings from US and South Korean intelligence agencies. All three countries highlighted cyber attacks by Andariel Group (APT45) over the past three years as a demonstration of the growing sophistication of North Korea’s cyber capabilities.

The Reconnaissance General Bureau (RGB) – North Korea’s primary intelligence agency – sponsors national advanced persistent threat (ATP) actors. North Korean APTs primarily steal intellectual property and sensitive information that furthers the goals of the regime in Pyongyang. Multiple sectors report cyberattacks by North Korean APTs, from defence through to agriculture. Especially as the regime compensates for North Korea’s technological isolation. Furthermore, North Korean cyber operations are not limited to South Korea and the US. Reported attacks come from across the globe, from Brazil to India. 

Key Judgement 1. It is highly likely North Korean hackers are targeting defence, aerospace and energy sectors to advance Pyongyang’s military and nuclear technology.

Key Judgement 2. It is likely North Korea’s self-imposed isolation and risk of famine is driving the theft of agricultural intellectual property as Pyongyang seeks to boost crop yields.

Key Judgement 3. It is highly likely North Korean ransomware attacks enable Pyongyang to generate revenue for further cyber attacks and other illicit activities.