North Korea Cyber Threat Overview and Advisories

CISA works to ensure U.S. critical infrastructure, government partners, and others have the information and guidance to defend themselves against North Korea state-sponsored cybersecurity activity.

North Korea's cyber program will pose a sophisticated and agile espionage, cybercrime, and attack threat. Pyongyang's cyber forces have matured and are fully capable of achieving a variety of strategic objectives against diverse targets, including a wider target set in the United States and South Korea. North Korea will continue its ongoing cyber campaign, particularly cryptocurrency heists; and maintain a program of IT workers serving abroad to earn additional funds. -ODNI 2024 Threat Assessment

Recent North Korean state-sponsored cyber activity includes the launching of ransomware campaigns against Healthcare and Public Health Sector (HPH) organizations and other critical infrastructure sector entities. Prioritizing patching of known exploited vulnerabilities is key to strengthening operational resilience against this threat.

Outline of the country of North Korea with flag and binary number background.

North Korea State-Sponsored Ransomware Activity

The U.S. government and partners have attributed numerous ransomware attacks to North Korea state-sponsored actors. Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities details the actors' tactics and the use of cryptocurrency to demand ransom.

View advisory

CISA and Joint CISA Advisories

Review North Korea-specific advisories here.

View Publications

Key Resources

Defending Against Nation-State Cyber Threats

Find more information on Nation-State adversaries and related resources.