An exploratory analysis of the DPRK cyber threat landscape using publicly available reports
Contents
Abstract
Cyber activities have evolved to mirror real-world operations, prompting state-sponsored intelligence agencies to pivot swiftly to cyberspace. Notably, Democratic People’s Republic of Korea (DPRK) state-sponsored threat actors have emerged as significant global players, targeted not only the Republic of Korea but also engaged in espionage activities worldwide. Their activities have expanded to include ransomware distribution and cryptocurrency heists, indicating a pursuit of financial gain. To comprehensively understand and track their activities, the research utilized exploratory analysis of publicly available reports. This research involved meticulous analysis of over 2000 publicly available reports spanning a significant period from 2009 to May 2024. Our analysis focused on identifying the code names employed in these reports to denote DPRK state-sponsored threat actors. By analyzing the naming conventions used by cyber threat intelligence companies, the study clustered groups believed to represent the same entity. This approach identified 160 distinct code names for these actors. Additionally, …
Cyber activities have evolved to mirror real-world operations, prompting state-sponsored intelligence agencies to pivot swiftly to cyberspace. Notably, Democratic People’s Republic of Korea (DPRK) state-sponsored threat actors have emerged as significant global players, targeted not only the Republic of Korea but also engaged in espionage activities worldwide. Their activities have expanded to include ransomware distribution and cryptocurrency heists, indicating a pursuit of financial gain. To comprehensively understand and track their activities, the research utilized exploratory analysis of publicly available reports. This research involved meticulous analysis of over 2000 publicly available reports spanning a significant period from 2009 to May 2024. Our analysis focused on identifying the code names employed in these reports to denote DPRK state-sponsored threat actors. By analyzing the naming conventions used by cyber threat intelligence companies, the study clustered groups believed to represent the same entity. This approach identified 160 distinct code names for these actors. Additionally, …