North Korea’s cyber capabilities deployment can be divided into two categories based on objectives: tactical and strategic. These objectives aim to protect and sustain the regime’s survival, guided by North Korea’s Supreme Leader Kim Yong Un’s Byungjin policy—the parallel development of economic prosperity and nuclear and ballistic missile programs.
Primarily, North Korea employs cyber offensive operations for external security through cyber theft, cyber espionage, intelligence collection, influence operations, information warfare, and data exfiltration.It also uses cyber operations for internal security including surveillance, border patrolling, and snooping. North Korea is a unique example of an authoritarian state that operationalizes cyber activities through a comprehensive ‘whole-of-system’ approach, working with ministries, state organizations, party tools, and state-sanctioned cyber hackers, due to constrained resources and the nature of state polity. However, with emerging challenges and constrained resources, cyber operations have not been operating and executing efficiently.
To address this, North Korea has adopted emerging technologies like Artificial Intelligence (AI) in its cyber offensive strategy. This aims to reduce the skills gap, identify adversarial vulnerabilities, and improve efficiency. Integration of AI with cyber operations has given North Korea two added advantages: adapting to the changing environment and exploiting adversary vulnerabilities with new tools.
Some of the regime’s social engineering techniques, such as Distributed Denial of Service (DDoS) attacks, ransomware, spear phishing, watering holes for financial warfare, data infiltration, and cyber espionage, have substantially improved over time. This talk aims to analyze the North Korean cyber operations strategy by applying the integrated operationalization of cyber with AI tools and techniques to improve its internal and external security environment. The talk will cover how North Korean military institutions and intelligence organizations apply the AI-Cyber nexus tool inside and outside the country. The analysis will be based on primary and secondary sources, such as intelligence reports, defense white papers, journals, open-source intelligence, news reports, and ministry statements.