North Korean Tactics, Techniques, and Procedures for Revenue Generation
Contents
UNCLASSIFIED
North Korean Tactics, Techniques, and
Procedures for Revenue Generation
.CTIIC | JULY 2023
Page 1 of 3
North Korea is evading US and UN sanctions by targeting private companies to illicitly acquire income
and fund the regime’s priorities, including its WMD and ballistic missile programs. This product provides
an overview of the common tactics, techniques, and procedures (TTPs) North Korean cyber actors
use to target and gain access to financial institutions and entities associated with cryptocurrency for
cyber exploitation and revenue generation. In addition, this product provides mitigation measures to
identify and deter North Korean IT workers deployed worldwide who pose as other nationalities to
gain employment.
NORTH KOREAN CYBER OPERATIONS
North Korea’s cyber actors employ a range of tactics in their operations to further their larger espionage
and financial goals.
Spear Phishing or
Social Engineering
North Korean IT
Worker–Enabled
Malicious Access
Software
Vulnerability
Exploitation
Supply Chain
Attack
North Korean cyber actors rely heavily on spear phishing with
investment-, job-, and payroll-themed e-mails or social media
messages to trick a target company’s employees into downloading
malware that …
North Korean Tactics, Techniques, and
Procedures for Revenue Generation
.CTIIC | JULY 2023
Page 1 of 3
North Korea is evading US and UN sanctions by targeting private companies to illicitly acquire income
and fund the regime’s priorities, including its WMD and ballistic missile programs. This product provides
an overview of the common tactics, techniques, and procedures (TTPs) North Korean cyber actors
use to target and gain access to financial institutions and entities associated with cryptocurrency for
cyber exploitation and revenue generation. In addition, this product provides mitigation measures to
identify and deter North Korean IT workers deployed worldwide who pose as other nationalities to
gain employment.
NORTH KOREAN CYBER OPERATIONS
North Korea’s cyber actors employ a range of tactics in their operations to further their larger espionage
and financial goals.
Spear Phishing or
Social Engineering
North Korean IT
Worker–Enabled
Malicious Access
Software
Vulnerability
Exploitation
Supply Chain
Attack
North Korean cyber actors rely heavily on spear phishing with
investment-, job-, and payroll-themed e-mails or social media
messages to trick a target company’s employees into downloading
malware that …