North Korea Runs 200 Hacker Groups Overseas

Excerpt from the Worldwide Threat Assessment:
North Korea
North Korea poses a significant cyber threat to financial institutions, remains a cyber espionage threat, and retains the ability to conduct disruptive cyber attacks. North Korea continues to use cyber capabilities to steal from financial institutions to generate revenue. Pyongyang’s cyber crime operations include attempts to steal more than $1.1 billion from financial institutions across the world—including a
successful cyber heist of an estimated $81 million from the New York Federal Reserve account of Bangladesh’s central bank.

N.Korea Runs 200 Hacker Groups Overseas

About 200 North Korean hacker groups are working overseas to earn hard currency and gather information by selling malware built by a global app developer, a source said Tuesday.

Their main customers are dealers in the West, including the U.S. and Canada. “North Korean hacker groups in China, Russia and Southeast Asia are taking orders from dealers in the U.S., Canada, Switzerland, and Sweden through a site ( to build software and plant malware in it,” a source said Tuesday. “This is called ‘Operation Trojan Horse.'”

They are believed to hack into foreign companies’ systems using the malware to collect information and steal money. “There are currently about 200 North Korean hacker groups overseas, each of which is sending US$400,000 to $1 million to Pyongyang annually,” the source said.

Each group consists of about five to 10 hackers working behind front companies camouflaged as trading firms set up by locals in the countries where they operate.

The source said the hackers are employed by the North’s General Reconnaissance Bureau, the top spy agency, and at first specialized in cyber warfare like distributed denial-of-service (DDoS) attacks. But more recently they have focused on earning hard currency by hacking as the regime runs out of cash amid international sanctions.

Ryu Dong-ryeol of the Korea Institute of Liberal Democracy said they earn up to 1 trillion won a year and are also active in South Korea.

Voice of America said on Tuesday said the U.S. Congress is seeking various ways to guard against cyber attacks from North Korea.

Leave a Reply

Your email address will not be published. Required fields are marked *