Scribd
Upload
13 views1 page

Citation 388192244

The document presents an exploratory analysis of the cyber threat landscape associated with the Democratic People's Republic of Korea (DPRK), highlighting their evolution into significant global cyber threat actors involved in espionage, ransomware, and cryptocurrency theft. The research analyzed over 2000 publicly available reports from 2009 to May 2024, identifying 160 distinct code names for DPRK state-sponsored actors and categorizing them into seven groups, alongside documenting 154 notable incidents. The findings, shared as a publicly available dataset, aim to enhance understanding and foster collaboration within the cybersecurity community.

Uploaded by

ines msadaa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
13 views1 page

Citation 388192244

The document presents an exploratory analysis of the cyber threat landscape associated with the Democratic People's Republic of Korea (DPRK), highlighting their evolution into significant global cyber threat actors involved in espionage, ransomware, and cryptocurrency theft. The research analyzed over 2000 publicly available reports from 2009 to May 2024, identifying 160 distinct code names for DPRK state-sponsored actors and categorizing them into seven groups, alongside documenting 154 notable incidents. The findings, shared as a publicly available dataset, aim to enhance understanding and foster collaboration within the cybersecurity community.

Uploaded by

ines msadaa
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 1

Lyu, Jeonggak & Song, Ahyun & Seo, Euiseong & Kim, Gibum. (2025).

An exploratory
analysis of the DPRK cyber threat landscape using publicly available reports.
International Journal of Information Security. 24. 10.1007/s10207-025-00980-x.
Cyber activities have evolved to mirror real-world operations, prompting state-
sponsored intelligence agencies to pivot swiftly to cyberspace. Notably, Democratic
People’s Republic of Korea (DPRK) state-sponsored threat actors have emerged as
significant global players, targeted not only the Republic of Korea but also
engaged in espionage activities worldwide. Their activities have expanded to
include ransomware distribution and cryptocurrency heists, indicating a pursuit of
financial gain. To comprehensively understand and track their activities, the
research utilized exploratory analysis of publicly available reports. This research
involved meticulous analysis of over 2000 publicly available reports spanning a
significant period from 2009 to May 2024. Our analysis focused on identifying the
code names employed in these reports to denote DPRK state-sponsored threat actors.
By analyzing the naming conventions used by cyber threat intelligence companies,
the study clustered groups believed to represent the same entity. This approach
identified 160 distinct code names for these actors. Additionally, the threat
actors were categorized into seven widely recognized groups in the threat
intelligence industry. Furthermore, 154 notable incidents attributed to these
actors were extracted and documented. Detailed analysis of these incidents,
including motivations, targeted sectors, and related factors, provided valuable
insights into the evolving tactics of DPRK state-sponsored threat actors. In a
concerted effort to contribute to the cybersecurity community, our findings have
been openly shared as a dataset and presented through a dedicated website for easy
access. This initiative aims to significantly enhance the understanding of
researchers interested in their activities. The dataset, now publicly available,
serves as a valuable resource for researchers seeking comprehensive material on
their activities. Openly sharing the findings aims to foster collaboration and
further research in the cybersecurity community to effectively combat emerging
threats.

You might also like