North Korea's Cyber Heist: How They Stole Over 2 Trillion Won in Cryptocurrency

Jong-yeon Kim | 2026.05.12

[Image: ChatGPT]

[The Public = Reporter Kim Jong-yeon] North Korea stole more than 2 trillion KRW (approximately 1.5 billion USD) in virtual assets last year and breached domestic document-management systems, exfiltrating up to 2.6 million sensitive records.

According to security firms on May 11, the National Intelligence Service’s National Cybersecurity Center (NCSC) had released an annual report the previous day summarizing last year’s cyber threat trends and response outcomes. The report concluded that North Korea carried out coordinated campaigns to steal technology and siphon off large sums of money, targeting sectors such as defense and information technology.

Attacks on document-management systems were highlighted. North Korean operators exploited vulnerabilities in three domestic document-management solutions, created unauthorized administrator accounts, and exfiltrated files. Analysts estimate the number of compromised sensitive records at anywhere from roughly 700 to as many as 2.6 million.

Andariel, a hacking unit linked to the Reconnaissance General Bureau, used an IT maintenance contractor as a foothold to infiltrate critical infrastructure networks. The group seized control of about 20 servers and extracted key materials, including engineering drawings. NCSC analysts say Andariel’s campaign centers on credential theft and ransomware deployment.

The group’s tactics have broadened. Andariel targeted domestic asset-management and centralized document platforms with widespread malware and even stole certificates from local security vendors to digitally sign its malicious code, helping it evade detection.

Attack methods have advanced further. Investigators confirmed additional compromises of open-source supply chains and uncovered a new tactic that uses deepfake technology in video interviews to fabricate identities and gain employment at foreign IT firms. For the first time, analysts also observed attackers remotely factory-resetting victims’ smartphones to erase forensic traces and blunt defensive responses.

Using those techniques, North Korea’s virtual-asset thefts last year exceeded 2 trillion KRW (approximately 1.5 billion USD) — the largest haul on record.

In response, the government launched a nationwide rapid-response unit called “Cyber 119” in August. Officials deployed about 130 specialists from 46 agencies across five regions, including the Seoul metropolitan area and Yeongnam, to speed initial response to major hacks and network outages.

The government also rolled out the National Network Security Framework (N2SF), which classifies data sensitivity into three tiers — confidential, sensitive, and public — and applies graduated protections. Officials say N2SF gives public agencies a safer foundation to adopt emerging technologies like generative AI and cloud services.

Seoul is accelerating defenses in future security domains such as space and quantum technologies. Cybersecurity guidance for space systems was updated, and Korea finalized four post-quantum cryptographic algorithms to counter threats in the coming quantum-computing era. The government plans a comprehensive roadmap to migrate the nation’s cryptographic systems to post-quantum algorithms by 2035.

The NCSC warned that last year’s large-scale personal data leaks and government network outages show how cyber threats can have physical consequences, and it pledged to proactively counter AI-enabled and other emerging threats to build a digital environment the public can trust.