Recorded Future frames North Korean cyber activity as consistent with the state's asymmetric military strategy and self-financing needs rather than irrational behavior. The report identifies the Reconnaissance General Bureau, and likely Bureau 121, as central to North Korea's cyber operations while noting attribution challenges for specific incidents. It cites U.S. government links between North Korean actors, Lazarus Group, Guardians of Peace, Destover, Duuzer, and Hangman, and discusses Lazarus operations against South Korean and U.S. government, media, and financial organizations. The Bangladesh Central Bank SWIFT theft attempt and WannaCry ransomware campaign are presented as a shift toward revenue-generating operations that align with North Korea's broader use of criminal and disruptive activity.