An exploratory analysis of the DPRK cyber threat landscape using publicly available reports

Cited by: 0
Authors
Lyu, Jeonggak [1 ]
Song, Ahyun [2 ]
Seo, Euiseong [2 ]
Kim, Gibum [1 ]
Affiliations
[1] Sungkyunkwan Univ, Dept Forens, Seoul, South Korea
[2] Sungkyunkwan Univ, Dept Comp Sci & Engn, Seoul, South Korea
Keywords
Cyber threat intelligence; Cyberattack; DPRK threat actors; Lazarus; Open-source intelligence; INTELLIGENCE;
DOI
10.1007/s10207-025-00980-x
CLC classification number
TP [Automation technology, computer technology];
Subject classification number
0812;
Abstract
Cyber activities have evolved to mirror real-world operations, prompting state-sponsored intelligence agencies to pivot swiftly to cyberspace. Notably, Democratic People's Republic of Korea (DPRK) state-sponsored threat actors have emerged as significant global players, targeting not only the Republic of Korea but also engaging in espionage activities worldwide. Their activities have expanded to include ransomware distribution and cryptocurrency heists, indicating a pursuit of financial gain. To comprehensively understand and track their activities, this research applied exploratory analysis to publicly available reports. It involved meticulous analysis of over 2000 publicly available reports spanning the period from 2009 to May 2024. Our analysis focused on identifying the code names these reports use to denote DPRK state-sponsored threat actors. By analyzing the naming conventions used by cyber threat intelligence companies, the study clustered groups believed to represent the same entity. This approach identified 160 distinct code names for these actors. Additionally, the threat actors were categorized into seven groups widely recognized in the threat intelligence industry. Furthermore, 154 notable incidents attributed to these actors were extracted and documented. Detailed analysis of these incidents, including motivations, targeted sectors, and related factors, provided valuable insights into the evolving tactics of DPRK state-sponsored threat actors. In a concerted effort to contribute to the cybersecurity community, our findings have been openly shared as a dataset and presented through a dedicated website for easy access. This initiative aims to significantly enhance the understanding of researchers interested in these actors' activities. The dataset, now publicly available, serves as a valuable resource for researchers seeking comprehensive material on their activities. Openly sharing the findings aims to foster collaboration and further research in the cybersecurity community to effectively combat emerging threats.
Pages: 14