Decrypting North Korea Cyber Operation Strategy: Analyzing the Augmenting Role of Cyber-AI nexus


North Korea’s cyber capabilities deployment can be divided into two categories based on objectives: tactical and strategic. These objectives aim to protect and sustain the regime’s survival, guided by North Korea’s Supreme Leader Kim Yong Un’s Byungjin policy—the parallel development of economic prosperity and nuclear and ballistic missile programs. 

Primarily, North Korea employs cyber offensive operations for external security through cyber theft, cyber espionage, intelligence collection, influence operations, information warfare, and data exfiltration.It also uses cyber operations for internal security including surveillance, border patrolling, and snooping. North Korea is a unique example of an authoritarian state that operationalizes cyber activities through a comprehensive ‘whole-of-system’ approach, working with ministries, state organizations, party tools, and state-sanctioned cyber hackers, due to constrained resources and the nature of state polity. However, with emerging challenges and constrained resources, cyber operations have not been operating and executing efficiently.

To address this, North Korea has adopted emerging technologies like Artificial Intelligence (AI) in its cyber offensive strategy. This aims to reduce the skills gap, identify adversarial vulnerabilities, and improve efficiency. Integration of AI with cyber operations has given North Korea two added advantages: adapting to the changing environment and exploiting adversary vulnerabilities with new tools. 

Some of the regime’s social engineering techniques, such as Distributed Denial of Service (DDoS) attacks, ransomware, spear phishing, watering holes for financial warfare, data infiltration, and cyber espionage, have substantially improved over time. This talk aims to analyze the North Korean cyber operations strategy by applying the integrated operationalization of cyber with AI tools and techniques to improve its internal and external security environment. The talk will cover how North Korean military institutions and intelligence organizations apply the AI-Cyber nexus tool inside and outside the country. The analysis will be based on primary and secondary sources, such as intelligence reports, defense white papers, journals, open-source intelligence, news reports, and ministry statements.

Person photo

Abhishek Sharma

Delhi University

Abhishek Sharma is a Ph.D. Scholar in Korean Studies at the Department of East Asian Studies, Delhi University and a Research Associate with the Centre for Air Power Studies, a military think tank based in New Delhi. His doctoral thesis examines the Strategic Utility of North Korea cyber capabilities. His research interest focuses on the intersection of geopolitics and critical emerging technologies in the Indo-Pacific, particularly cyber capabilities, cyber crimes, and AI. He is a Non-resident Kelly Fellow at Pacific Forum and NASC Fellow at Takshashila Institution. Currently, he is working on a book project titled Minilaterals in Indo-Pacific and India: Perspectives, Power, and Prospects.

He holds a First-Class Master’s degree in International Relations from South Asian University. In 2022, he was selected as the Quadmin Emerging Leader and an NCAFP Emerging Leader, where he contributed a policy brief on Quad’s cyber cooperation and prospects and North Korea’s Peace-time Cyber capabilities. His articles have been featured in several publications, including Nikkei Asia, NK News, The Diplomat, The National Interest, Observer Research Foundation, South Korea Pro, and 9Dashline.