North Korean Cyber Activity
2021-03-25 • USHHS
https://www.hhs.gov/sites/default/files/dprk-cyber-espionage.pdf
Attachments
dprk-cyber-espionage.pdf (2 MB)
The HHS briefing summarizes DPRK cyber activity as a state instrument for espionage, disruption and revenue generation, noting reported growth in North Korean network activity and a claimed cyber workforce of about 7,000 operators. It profiles HIDDEN COBRA/Lazarus, Andariel, APT37 and APT38, describing targets that include finance, aerospace and defense, healthcare, media, South Korean government and military entities, and banks or cryptocurrency organizations. The source highlights shared tooling and attribution difficulty across DPRK groups, and lists representative malware and vectors such as FALLCHILL, HOPLIGHT, spear phishing, social engineering, HWP/Adobe Flash vulnerabilities, watering-hole activity and supply-chain abuse.