North Korea’s Hidden Economy: Cybercrime as a National Strategy

You might think of North Korea as a hermit kingdom, cut off from the world and surviving on sanctions-busting trade and nuclear brinkmanship. But there’s another, far more digital engine powering its economy: cybercrime.

Experts estimate that one-third to half of North Korea’s national budget comes from cyber fraud, ransomware, and digital heists. This isn’t rogue activity — it’s state-sponsored, highly organized, and ruthlessly efficient. And while the world focuses on missile tests and diplomatic standoffs, Pyongyang is quietly draining global financial systems to fund its weapons programs, prop up its failing economy, and maintain control over its population.

The Lazarus Group: North Korea’s Digital Army

At the heart of this operation is the Lazarus Group, a hacking collective believed to operate under the Reconnaissance General Bureau (RGB), North Korea’s primary intelligence agency. First detected in the late 2000s, Lazarus began with crude DDoS attacks against South Korea — but quickly evolved into one of the most sophisticated cybercriminal networks on the planet.

Their targets? Everyone. Banks. Crypto exchanges. Governments. Even individuals.

In 2014, they famously hacked Sony Pictures — not for money, but for revenge. But by 2017, they’d shifted gears, launching the WannaCry ransomware attack that crippled the UK’s NHS and cost over £90 million. In 2019, they stole $15 million from Malta’s Bank of Valletta. And in early 2025, they pulled off the largest crypto heist in history, stealing £1.1 billion from Bybit — a feat that stunned even seasoned cybersecurity experts.

What makes Lazarus so dangerous isn’t just their skill — it’s their persistence. According to crypto investigator Dr. Tom Robinson, they operate around the clock, likely in shifts, using automated tools to launder stolen funds within hours. They’re not just hackers — they’re a digital mafia with state backing.

The Global Cybercrime Ecosystem: It’s Not Just North Korea

While North Korea’s cyber operations are among the most advanced, they’re not alone. The rise of cybercrime-as-a-service (CaaS) has turned hacking into a global cottage industry.

Imagine this: You don’t need to be a tech genius to launch a ransomware attack. You can buy ready-made kits, botnets, and phishing tools on the dark web — often for less than $100. Some even operate on subscription models, like Netflix for criminals.

These tools are developed by underground coders, sold to affiliates, and deployed by anyone with a laptop and a grudge. Profits are split — often 20-30% to the developers — and laundered through cryptocurrencies, making them nearly untraceable.

Even legitimate software is being weaponized. Open-source security tools, meant for ethical hackers, are being repackaged and sold to criminals. The line between “white hat” and “black hat” is blurring — and the consequences are global.

Real-World Damage: When Cybercrime Hits Home

The damage isn’t theoretical. It’s happening right now — in hospitals, banks, and crypto wallets.

• In 2017, WannaCry shut down 34% of NHS trusts in England, forcing cancellations and delays that cost over £90 million.
• In 2019, Bank of Valletta lost $15 million in a Lazarus-led heist — forcing a temporary shutdown and international manhunt.
• In 2025, Bybit lost £1.1 billion — the biggest crypto theft ever recorded. Though the exchange reimbursed users, the stolen funds are still being laundered, with at least £232 million already converted into untraceable cash.

These aren’t isolated incidents. They’re part of a pattern — a global cybercrime economy estimated to be worth $10 trillion annually. That’s twice the size of Germany’s GDP. If it were a country, it would be the third-largest economy in the world.

How to Fight Back: Building a Cyber-Resilient Future

So what can be done?

First, prevention is everything. Once money is stolen, it’s almost impossible to recover — especially when it’s moved through crypto.

Financial institutions need to:

• Enforce multi-factor authentication (MFA) everywhere
• Segment networks to limit breach impact
• Patch systems regularly
• Train employees to spot phishing and social engineering

Governments and regulators must move faster — especially on recognizing digital assets as real property. And international cooperation is critical. Agencies like the NCSC, NCA, and Europol need to share intelligence, disrupt CaaS marketplaces, and seize hot wallets before funds disappear.

There’s also a lesson from Ukraine. After years of hybrid warfare, they moved critical infrastructure to the cloud — distributing it across multiple countries and data centers. This ensures continuity even if local systems are destroyed. It’s a model other nations — and banks — should adopt.

The Bottom Line: Cybercrime Is Now a National Security Issue

North Korea isn’t the only state using cybercrime to fund its regime — Iran, Russia, and others are doing the same. But Pyongyang’s scale, sophistication, and persistence make it a unique threat.

As Jeremy Fleming, former director of GCHQ, warned: This isn’t just a financial crime problem. It’s a national security issue.

The financial services industry — and the governments that regulate it — must treat cyber defense with the same urgency as physical defense. Because in today’s world, a single line of code can do more damage than a missile.

The stakes? Nothing less than the integrity of the global financial system. And if we don’t act now, we’ll be paying the price — in stolen funds, broken institutions, and lost trust — for years to come.