Analytical Insights on Incidents

Annual Number of Incidents

Confirmed security incidents per year, tracing the escalation of DPRK-attributed cyber operations and their strategic evolution since 2009.

World Map of Incidents

Global distribution of victim locations, illustrating the worldwide reach of DPRK cyber operations beyond the Korean Peninsula.

Incidents by Country

Countries with the most confirmed incidents, identifying primary target nations and regional patterns in DPRK offensive operations.

Attack Motivations

Classification of incidents by strategic purpose — espionage, financial theft, disruption, or other — reflecting DPRK's diverse cyber objectives.

Target Sectors

Industries most frequently victimized, from cryptocurrency and finance to defense and government, highlighting DPRK's sectoral targeting priorities.

Victim Locations

Regional breakdown of incident victims, showing which parts of the world bear the greatest exposure to DPRK cyber threats.

Annual Number of Incidents by Attack Motivation

How attacker priorities have shifted over the years between espionage, financial, and destructive operations, reflecting DPRK's evolving strategic needs.

Annual Number of Incidents by Target Sector

Evolution of targeted industries over time, revealing strategic shifts such as the notable pivot toward financial and cryptocurrency sectors after 2015.

Incidents by Related Report Count

Incidents covered by the most CTI reports, representing the most scrutinized and publicly documented DPRK operations.