{"id":40985,"date":"2021-05-21T16:08:23","date_gmt":"2021-05-21T16:08:23","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/32309\/What-Makes-North-Korean-Hacking-Groups-More-Creative.html"},"modified":"2021-05-21T16:08:23","modified_gmt":"2021-05-21T16:08:23","slug":"what-makes-north-korean-hacking-groups-more-creative","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/what-makes-north-korean-hacking-groups-more-creative\/","title":{"rendered":"What Makes North Korean Hacking Groups More Creative?"},"content":{"rendered":"<div class=\"wysiwyg\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"614\" src=\"https:\/\/www.scmagazine.com\/wp-content\/uploads\/2021\/05\/GettyImages-1159161640-scaled-e1621545421702-1024x614.jpg\" alt class=\"wp-image-124597\" srcset=\"https:\/\/www.scmagazine.com\/wp-content\/uploads\/2021\/05\/GettyImages-1159161640-scaled-e1621545421702-1024x614.jpg 1024w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/2021\/05\/GettyImages-1159161640-scaled-e1621545421702-300x180.jpg 300w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/2021\/05\/GettyImages-1159161640-scaled-e1621545421702-768x461.jpg 768w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/2021\/05\/GettyImages-1159161640-scaled-e1621545421702-1536x921.jpg 1536w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/2021\/05\/GettyImages-1159161640-scaled-e1621545421702-2048x1228.jpg 2048w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/2021\/05\/GettyImages-1159161640-scaled-e1621545421702-860x516.jpg 860w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/2021\/05\/GettyImages-1159161640-scaled-e1621545421702-1720x1031.jpg 1720w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/2021\/05\/GettyImages-1159161640-scaled-e1621545421702-156x94.jpg 156w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/2021\/05\/GettyImages-1159161640-scaled-e1621545421702-312x187.jpg 312w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/2021\/05\/GettyImages-1159161640-scaled-e1621545421702-640x384.jpg 640w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/2021\/05\/GettyImages-1159161640-scaled-e1621545421702-1280x768.jpg 1280w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><figcaption>North Korean leader Kim Jong Un meets with former U.S. President Donald Trump within the demilitarized zone (DMZ) separating South and North Korea in 2019. (Handout photo by Dong-A Ilbo via Getty Images\/Getty Images)<\/figcaption><\/figure>\n<p>When cybersecurity experts talk about APT groups targeting the U.S. and its allies, they usually end up connecting the activity to one of \u201cThe Big Four:\u201d Russia, China, Iran and North Korea. While these countries are far from the only ones conducting clandestine operations in cyberspace today, they\u2019re often pegged as the most sophisticated and thus tend to get much of the attention.<\/p>\n<p>But that doesn\u2019t mean they all operate the same way. From a preference for writing custom malware code to pioneering new strategies, North Korean hacking groups have shown an innovative spirit that allows them to punch above their weight despite crushing sanctions.<\/p>\n<p>At the 2021 RSA Conference, Dmitri Alperovitch, former co-founder and chief technology officer at Crowdstrike, said North Korean hacking groups, many of which operate under the umbrella name Lazarus Group, stand out considerably from their other Big Four counterparts in the creativity of their hacking campaign tactics and the way they eschew popular commercial offensive tools.<\/p>\n<p>\u201cThey\u2019re in some ways my favorite actor in cyberspace, because they\u2019re just so incredibly innovative,\u201d said Alperovitch, now executive chairman at the Silverado Policy Accelerator.<\/p>\n<p>In the early 2000s, North Korean intelligence agencies like the Reconnaissance General Bureau \u201cpioneered\u201d the concept of destructive cyberattacks in digital skirmishes with their South Korean neighbors, while the country\u2019s 2014 hack of entertainment giant Sony foretold the coming era of hack and leak operations that would be picked up by Russia just a few more years down the line.<\/p>\n<p>Alperovitch said that in recent years, Russian, Chinese and Iranian APTs have increasingly incorporated publicly available commercial offensive hacking tools like Cobalt Strike or open-source tools like the credential harvesting Mimikatz in their operations in lieu of writing their own malware, because they are less expensive and because using commonly available tooling can make it harder to attribute that activity back to a specific nation or actor.<\/p>\n<p>\u201cBut the North Koreans have really shied away from that; they\u2019re still focused on custom development. You can almost call it \u2018Juche\u2019 malware,\u201d Alperovitch said, <a href=\"https:\/\/www.vox.com\/world\/2018\/6\/18\/17441296\/north-korea-propaganda-ideology-juche\" target=\"_blank\" rel=\"noreferrer noopener\">referencing<\/a> Pyongyang\u2019s notorious slogan and ideology for self-reliance and production in the face of a hostile world.<\/p>\n<p>Many countries have incorporated offensive cyber operations into their overall geopolitical strategies, but North Korea was among the first nations to leverage its government hacking capabilities in the cybercrime arena. While some countries use their APT hacking groups as a surgical scalpel or a weapon to carry out targeted goals, Pyongyang uses it as an <a href=\"http:\/\/With intensive information and communication in North Korea\u2019s suspected cyber operations: specifically, Campaign Kimsuky, Operation KHNP, Operation DarkSeoul, Operation Blockbuster, the Bangladesh Central Bank Heist, and Wannacry. The operations will be categorized by operational goals, showing North Korea\u2019s success at achieving its various purposes by these means. In the last section, we suggest a future cyber strategy direction for North Korea based on our analysis of its tactics, techniques and procedures; and how North Korea cooperates with other countries, including countermeasures for countries around the world. Keywords: North Korea, North Korean cyber forces, state-sponsored cyber operations, mixing tactics, techniques and procedures, cyber strategies 3 technology, and the brave RGB with its [cyber] warriors, we can penetrate any sanctions for the construction of a strong and prosperous nation.\u201d\" target=\"_blank\" rel=\"noreferrer noopener\">all-purpose sword<\/a> to carry out a range of interconnected geopolitical and financial objectives. <\/p>\n<p>\u201cWe watched them conduct bank heists around the world. They were targeting, at one point, 16 different financial organizations at once,\u201d said Alperovitch\u2019s co-presenter Sandra Joyce, executive vice president and head of global intelligence at Mandiant.<\/p>\n<p>A miasma of state-connected and adjacent hacking groups are charged with carrying out ransomware attacks, cryptocurrency scams and other moneymaking schemes to help the heavily isolated and cash-strapped country evade economic sanctions and fund the regime. A United Nations report in 2019 estimated that these digital theft and extortion campaigns had transferred more than $2 billion to Pyongyang\u2019s coffers.<\/p>\n<p>North Korea is already cut off from most forms of international commerce by U.S. and global economic sanctions, so it have little to lose by engaging in aggressive offensive operations against other nations. Much of its critical infrastructure is already crumbling and its internet is isolated and closed off from the rest of the world, so it often have little to fear in terms of retaliation in cyberspace outside of China, its pseudo patron state.<\/p>\n<p>\u201cWith intensive information and communication technology, and the brave RGB with its [cyber] warriors, we can penetrate any sanctions for the construction of a strong and prosperous nation,\u201d <a href=\"https:\/\/ccdcoe.org\/uploads\/2019\/06\/Art_08_The-All-Purpose-Sword.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">said <\/a>President and dictator Kim Jong Un in 2013 while visiting the Reconnaissance General Bureau headquarters.<\/p>\n<p>The country\u2019s innovation can even fool some cybersecurity experts. Earlier this year, Google <a href=\"https:\/\/www.scmagazine.com\/home\/security-news\/google-discloses-spearphishing-targeting-security-researchers\/\">revealed details<\/a> behind a year-long campaign by North Korean hackers to pose as members of cybersecurity community to spearphish security researchers. The campaign essentially exploited the professional networking and collaboration that regularly takes place between security researchers around vulnerability research to compromise a number of high-value targets who would otherwise have their guard up.<\/p>\n<p>The actors set up their own research blog as a front, in some cases recycling the work of other researchers and, in at least one case, faking a successful exploit. They also created multiple personas and sockpuppet accounts on social media sites like Twitter, LinkedIn, Telegram, Keybase and Discord, where they shared posts, promoted the work of others and interacted with researchers over direct messages.<\/p>\n<\/p><\/div>\n<section class=\"post-tags\">\n<h2>Topics:<\/h2>\n<p> <a href=\"https:\/\/www.scmagazine.com\/tag\/apt\/\" class=\"button -secondary\">APT<\/a> <\/section>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/32309\/What-Makes-North-Korean-Hacking-Groups-More-Creative.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":40986,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[9302],"class_list":["post-40985","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackergovernmentcyberwarkorea"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>What Makes North Korean Hacking Groups More Creative? 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/what-makes-north-korean-hacking-groups-more-creative\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What Makes North Korean Hacking Groups More Creative? 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/what-makes-north-korean-hacking-groups-more-creative\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-21T16:08:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/05\/what-makes-north-korean-hacking-groups-more-creative.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"614\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-makes-north-korean-hacking-groups-more-creative\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-makes-north-korean-hacking-groups-more-creative\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"What Makes North Korean Hacking Groups More Creative?\",\"datePublished\":\"2021-05-21T16:08:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-makes-north-korean-hacking-groups-more-creative\\\/\"},\"wordCount\":823,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-makes-north-korean-hacking-groups-more-creative\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/what-makes-north-korean-hacking-groups-more-creative.jpg\",\"keywords\":[\"headline,hacker,government,cyberwar,korea\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-makes-north-korean-hacking-groups-more-creative\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-makes-north-korean-hacking-groups-more-creative\\\/\",\"name\":\"What Makes North Korean Hacking Groups More Creative? 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-makes-north-korean-hacking-groups-more-creative\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-makes-north-korean-hacking-groups-more-creative\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/what-makes-north-korean-hacking-groups-more-creative.jpg\",\"datePublished\":\"2021-05-21T16:08:23+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-makes-north-korean-hacking-groups-more-creative\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-makes-north-korean-hacking-groups-more-creative\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-makes-north-korean-hacking-groups-more-creative\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/what-makes-north-korean-hacking-groups-more-creative.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/what-makes-north-korean-hacking-groups-more-creative.jpg\",\"width\":1024,\"height\":614},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/what-makes-north-korean-hacking-groups-more-creative\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,government,cyberwar,korea\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackergovernmentcyberwarkorea\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"What Makes North Korean Hacking Groups More Creative?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What Makes North Korean Hacking Groups More Creative? 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/what-makes-north-korean-hacking-groups-more-creative\/","og_locale":"en_US","og_type":"article","og_title":"What Makes North Korean Hacking Groups More Creative? 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/what-makes-north-korean-hacking-groups-more-creative\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-05-21T16:08:23+00:00","og_image":[{"width":1024,"height":614,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/05\/what-makes-north-korean-hacking-groups-more-creative.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/what-makes-north-korean-hacking-groups-more-creative\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/what-makes-north-korean-hacking-groups-more-creative\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"What Makes North Korean Hacking Groups More Creative?","datePublished":"2021-05-21T16:08:23+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/what-makes-north-korean-hacking-groups-more-creative\/"},"wordCount":823,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/what-makes-north-korean-hacking-groups-more-creative\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/05\/what-makes-north-korean-hacking-groups-more-creative.jpg","keywords":["headline,hacker,government,cyberwar,korea"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/what-makes-north-korean-hacking-groups-more-creative\/","url":"https:\/\/www.threatshub.org\/blog\/what-makes-north-korean-hacking-groups-more-creative\/","name":"What Makes North Korean Hacking Groups More Creative? 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/what-makes-north-korean-hacking-groups-more-creative\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/what-makes-north-korean-hacking-groups-more-creative\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/05\/what-makes-north-korean-hacking-groups-more-creative.jpg","datePublished":"2021-05-21T16:08:23+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/what-makes-north-korean-hacking-groups-more-creative\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/what-makes-north-korean-hacking-groups-more-creative\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/what-makes-north-korean-hacking-groups-more-creative\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/05\/what-makes-north-korean-hacking-groups-more-creative.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/05\/what-makes-north-korean-hacking-groups-more-creative.jpg","width":1024,"height":614},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/what-makes-north-korean-hacking-groups-more-creative\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,government,cyberwar,korea","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackergovernmentcyberwarkorea\/"},{"@type":"ListItem","position":3,"name":"What Makes North Korean Hacking Groups More Creative?"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40985","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=40985"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40985\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/40986"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=40985"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=40985"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=40985"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}