Skip to content
Information Technology

Assessed Cyber Structure and Alignments of North Korea in 2023 – Mandiant

Mandiant 2 mins read



A recent assessment by cybersecurity experts at Mandiant reveals intriguing developments in North Korea's cyber landscape. The comprehensive analysis highlights key shifts, shared tooling, and evolving alignments among North Korean threat actors.


In this report, Mandiant provides insights into the changing dynamics of North Korea's cyber operations, as follows:


Continued Evolution of North Korea's Cyber Offensive Program


Mandiant's assessment indicates North Korea's commitment to using cyber intrusions for espionage, financial crimes, and power projection. The regime shows a growing determination to finance both its cyber and kinetic capabilities through cybercrime.


Increased Adaptability and Complexity


Recent operations suggest an increase in adaptability and complexity, including a cascading software supply chain attack – a first for North Korea. Notably, there is a consistent focus on blockchain and fintech targets.


Adaptation and Diversification of Threat Activity


North Korean threat groups continue to adapt, creating tailored malware for different platforms, including Linux and MacOS.


Blending of Cyber Postures


Mandiant's continuous monitoring has revealed a significant multiyear shift and blending of North Korea's cyber posture, leading to overlaps in targeting and shared tooling.


Historical Examples and Clustering for Attribution


The report emphasises the significance of historical examples and uncategorised clustering as a means to maintain visibility on separate threat groups.


The report illustrates the significant transformation of North Korea's cyber landscape since 2009 and notes the overlapping indicators among various organizations. This overlap highlights growing adaptability and collaboration between these threat actors, particularly following the 2020 COVID-19 pandemic.


The report provides insights into various North Korean threat groups and their primary areas of focus, including intelligence gathering, financial crimes, and targeting cryptocurrency industries. Mandiant observes shared tooling and an increasing level of flexibility in their approach, making it challenging for defenders to track and attribute their malicious activities.


Furthermore, the report identifies overlaps and shared resources among different threat groups, complicating attribution efforts. The analysis highlights the DPRK's growing interest in cryptocurrency-related activities, including ransomware, crypto-jacking, and theft, as a means to finance their operations.


Mandiant's experts also point out the increasing sophistication of supply chain attacks conducted by North Korean actors, such as UNC4736 and UNC4899, demonstrating a shift towards more aggressive and broader intrusions.


The report concludes by emphasising that while attribution may become more challenging due to these developments, shared infrastructure and tooling offer opportunities for detection and country-level attribution.


For more details and in-depth insights into the changing landscape of North Korea's cyber activities, you can access the full report at



About us:

Mandiant is a recognised leader in dynamic cyber defence, threat intelligence and incident response services. By scaling decades of frontline experience, Mandiant helps organisations to be confident in their readiness to defend against and respond to cyber threats. Mandiant is now part of Google Cloud.

More from this category

  • Information Technology
  • 28/02/2024
  • 00:07

Tuxera Expands Collaboration With Microsoft on New SMB Licensing Solution

The new agreement allows Tuxera to provide customers SMB technology along with an SMB license from Microsoft in a single solution.HELSINKI, FINLAND / ACCESSWIRE / February 27, 2024 / Tuxera is expanding its collaboration with Microsoft through a new Server Message Block (SMB) partner agreement. The agreement enables innovative business solutions for customers by allowing Tuxera to provide SMB technology and an SMB patent license from Microsoft in one competitively priced solution.Fusion File Share by Tuxera SMB implementation product logo Red TUXERA logo with Fusion File Share by Tuxera logo on a purple nebula space background. "Currently we see huge…

  • Human Resources, Information Technology
  • 27/02/2024
  • 12:00
LinkedIn Asia Pacific

LinkedIn’s latest research illuminates the crucial role of talent development in a world of work transformed by AI

LinkedIn's latest research illuminates the crucial role of talent development in a world of work transformed by AI Last year, technology took centrestage – LinkedIn saw a 21x surge in global English-language job postings mentioning GPT or ChatGPT This year, companies are directing their attention towards talent development. 91% of companies in APAC say they plan to enhance their people’s skills and abilities in the new year, and 44% are looking to provide online training and development programs Companies are also focused on internal mobility. 48% of hiring managers say their priority is to provide career progression for their people…

  • Education Training, Information Technology
  • 27/02/2024
  • 10:59
Charles Darwin University

Expert tests if AI can help teach students accounting

ChatGPT will not be replacing human teachers anytime soon, with a study into the technology’s capabilities finding it can’t help students critically understand academic…

  • Contains:

Media Outreach made fast, easy, simple.

Feature your press release on Medianet's News Hub every time you distribute with Medianet. Pay per release or save with a subscription.