North Korea\u2019s \u2018state-run syndicate\u2019 looks at cyber operations as a survival mechanism | CyberScoop<\/title> <meta name=\"description\" content=\"A new report reveals how North Korea has built a global cybercrime syndicate, blending statecraft and criminal tactics.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/north-korea-cybercrime-dtex-research-center-227\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"North Korea\u2019s \u2018state-run syndicate\u2019 looks at cyber operations as a survival mechanism\"> <meta property=\"og:description\" content=\"A new report reveals how North Korea has built a global cybercrime syndicate, blending statecraft and criminal tactics.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/north-korea-cybercrime-dtex-research-center-227\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-05-15T16:04:25+00:00\"> <meta property=\"article:modified_time\" content=\"2025-05-15T16:04:27+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/north-koreas-state-run-syndicate-looks-at-cyber-operations-as-a-survival-mechanism-2.jpg\"> <meta property=\"og:image:width\" content=\"4856\"> <meta property=\"og:image:height\" content=\"3232\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@gregotto\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1746040294g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1747157649g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1747161863g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/84536\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=84536\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fnorth-korea-cybercrime-dtex-research-center-227%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fnorth-korea-cybercrime-dtex-research-center-227%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-84536 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/north-korea-cybercrime-dtex-research-center-227\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.690839694656\">\n<div class=\"single-article__header-content\" readability=\"34.40354767184\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/north-korea-cybercrime-dtex-research-center-227\/\"> <span>Geopolitics<\/span> <\/a> <\/li>\n<\/ul>\n<p> A new report from DTEX Systems is the deepest look at how North Korea\u2019s remote IT workforce schemes are the tip of the iceberg when it comes to its cyber operations. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/84536\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/north-koreas-state-run-syndicate-looks-at-cyber-operations-as-a-survival-mechanism.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/north-koreas-state-run-syndicate-looks-at-cyber-operations-as-a-survival-mechanism-2.jpg 4856w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/north-koreas-state-run-syndicate-looks-at-cyber-operations-as-a-survival-mechanism-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/north-koreas-state-run-syndicate-looks-at-cyber-operations-as-a-survival-mechanism-2.jpg?resize=768,511 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/north-koreas-state-run-syndicate-looks-at-cyber-operations-as-a-survival-mechanism-2.jpg?resize=1024,682 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/north-koreas-state-run-syndicate-looks-at-cyber-operations-as-a-survival-mechanism-2.jpg?resize=1536,1022 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/north-koreas-state-run-syndicate-looks-at-cyber-operations-as-a-survival-mechanism-2.jpg?resize=2048,1363 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/north-koreas-state-run-syndicate-looks-at-cyber-operations-as-a-survival-mechanism-2.jpg?resize=600,399 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/north-koreas-state-run-syndicate-looks-at-cyber-operations-as-a-survival-mechanism-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/north-koreas-state-run-syndicate-looks-at-cyber-operations-as-a-survival-mechanism-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/north-koreas-state-run-syndicate-looks-at-cyber-operations-as-a-survival-mechanism-2.jpg?resize=1014,675 1014w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/north-koreas-state-run-syndicate-looks-at-cyber-operations-as-a-survival-mechanism-2.jpg?resize=1267,843 1267w\" sizes=\"(max-width: 1014px) 100vw, 1014px\"><figcaption> Students participate in a commemorative march near the Arch of Triumph in Pyongyang on April 25, 2025, to mark the 93rd anniversary of the Korean People’s Revolutionary Army. (Photo by KIM Won Jin \/ AFP) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"65.952339901478\"><body readability=\"133.54437474977\"><\/p>\n<p>Over the past few years, cybersecurity experts have increasingly said that nation-state operatives and cybercriminals often blur the boundaries between geopolitical and financial motivations. A new report released Wednesday shows how North Korea has flipped that idea on its head. <\/p>\n<p>North Korea has silently forged a global cyber operation that experts now liken to a mafia syndicate, with tactics and organization far removed from other nation-state actors, according to a comprehensive new report released by DTEX Systems.<\/p>\n<p>The study \u2014 based on years of investigations, technical analysis, and work with other open-source intelligence analysts \u2014 pulls back the curtain on a highly adaptive regime that has built its cyber capabilities on a survivalist, profit-driven approach. It reveals a hierarchy blending criminality, espionage, and front-line IT work, coordinated by an authoritarian government that rewards loyalty and secrecy while punishing failure.<\/p>\n<p>Awareness of North Korea\u2019s goals has risen in the past year as many cybersecurity companies have uncovered the depths of the scheme. Mandiant Consulting CTO Charles Carmakal told an audience at the 2025 RSAC Conference that North Korean nationals had attempted to <a href=\"https:\/\/cyberscoop.com\/north-korea-workers-infiltrate-fortune-500\/\">obtain a job at every Fortune 500 company<\/a>, with \u201chundreds\u201d successfully finding remote work. The Department of Justice and U.S. Treasury have respectively issued <a href=\"https:\/\/cyberscoop.com\/doj-indicts-five-in-north-korean-fake-it-worker-scheme\/\">indictments<\/a> and <a href=\"https:\/\/cyberscoop.com\/treasury-sanctions-north-korea-over-remote-it-worker-schemes\/\">sanctioned people and entities<\/a> allegedly involved in North Korea\u2019s effort to take advantage of the link between remote work and specialized technical professionals.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>While DTEX\u2019s report has a wealth of technical information, it also sheds light on the country\u2019s cyber hierarchy, its covert talent pipeline, and the motivations that have driven members of the country\u2019s population to enlist in the scheme. It lists details on North Korea\u2019s \u201cResearch Center 227,\u201d North Korea\u2019s AI-driven cyber warfare unit, as well as hundreds of email addresses that operatives have used to obtain employment. <\/p>\n<p>\u201cThis is less a typical state actor and more akin to a globally dispersed, mafia-style network, where motivations are driven not just by political power, but by a survival mentality rooted in deep economic hardship and familial obligations,\u201d said Michael Barnhart, DTEX principal i3 insider risk investigator and lead author of the report. \u201cOur goal is to expose the human and organizational factors critical to anticipating their next move.\u201d<\/p>\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/north-koreas-state-run-syndicate-looks-at-cyber-operations-as-a-survival-mechanism.png?w=640&ssl=1\" alt class=\"wp-image-84538\"><figcaption class=\"wp-element-caption\">A map of the hierarchy of North Korean\u2019s cyber operations. (Courtesy of DTEX)<\/figcaption><\/figure>\n<p>Two actors highlighted in the report include the personas \u201cNaoki Murano\u201d and \u201cJenson Collins,\u201d who researchers say have worked in areas like Laos and Russia, and are linked to Chinyong IT Cooperation Company, an outfit that has been <a href=\"https:\/\/sanctionssearch.ofac.treas.gov\/Details.aspx?id=43379\">on the U.S. sanctions list since 2023<\/a>. Murano, in particular, has been directly connected with the $6 million <a href=\"https:\/\/cointelegraph.com\/news\/delta-prime-defi-hacked-6-m-arbitrum\">heist targeting DeltaPrime<\/a>, a cryptocurrency platform. <\/p>\n<p>DTEX frames those personas as an example of how North Korea has used false identities to cover for a sophisticated \u2014 and often rigid \u2014 organizational structure. The report details real administrative listings of North Korean IT workers, working for different arms of the North Korean government: the 313th General Bureau, which is part of the country\u2019s Ministry of Munitions Industry (MID), North Korea\u2019s Department of Education, and the Reconnaissance General Bureau (RGB), the country\u2019s primary intelligence service. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Beneath these layers of organization lies a well-defined management hierarchy that mirrors elements of both a state bureaucracy and a criminal syndicate. Many of the original members from other North Korean hacking groups, such as Lazarus Group, have risen through the ranks to become managers and group leaders, responsible for training, overseeing, and deploying new cohorts of cyber operatives. New operatives move between \u201ctraditional\u201d APT hacking groups, freelance IT work, and managerial or advisory roles as needed by the regime\u2019s shifting priorities. <\/p>\n<p>Knowledge and techniques are shared both formally and through familial or school-based networks. The internal competition for favor, resources, and advancement is intense, and advancement often depends as much on family or political connections as technical skill. This carefully orchestrated career and management system ensures that even as operatives rotate or change specialties, the regime retains institutional memory and operational continuity in its cyber campaigns.<\/p>\n<p>Barnhart told CyberScoop that while this grand scheme run by North Korea may mirror the organizational prowess of more developed countries, the commitment to standing up a slice of society dedicated to cybercrime is unlike anything experts have ever seen. <\/p>\n<p>\u201cIt does on the surface resemble how a cyber program would support any nation-state element. That societal part I think is key because seeing that same structure and how DPRK specifically uses it is the unique part,\u201d he said. \u201cThings like the shift in the model where money flows upwards versus downwards wouldn\u2019t appear on an organizational chart but may be one of the oddest frames for a government. Not just from this lens but looking back at other efforts such as <a href=\"https:\/\/2001-2009.state.gov\/p\/inl\/rls\/rm\/21044.htm\">the fake pharmaceuticals from the 90s<\/a> and other physical schemes they have run in the past to generate revenue. This technological angle they\u2019re playing in the modern tech world is just easier than [North Korea\u2019s past] historic efforts.\u201d <\/p>\n<p>The regime is also trying to keep its talent on the cutting edge through the establishment of Research Center 227. Unlike prior North Korean cyber units, this center, staffed by 90 people, operates 24\/7 and supports not only ongoing cyberattacks but also the rapid implementation of intelligence gathered by hacking groups overseas. The report says the center focuses on AI-powered tools, from generating realistic phishing documents and fake identities to developing highly automated exploits for a wide range of the country\u2019s targets.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Research Center 227 also signals a broader shift in the regime\u2019s thinking: recognizing the need for domestic AI capability amid fears that global sanctions could one day cut Pyongyang off from foreign technology. The center\u2019s rapid development coincides with the public launch of AI-equipped suicide drones and increasing integration of AI in non-cyber operations, providing North Korea with new avenues to threaten adversaries. <\/p>\n<p>Even with the heightened scrutiny of the past year, DTEX\u2019s investigation found traditional law enforcement and corporate vetting often falls short in finding these operatives; many companies do not realize they have North Koreans on staff or on contract.<\/p>\n<p>The company also urged security leaders to rethink everything from hiring practices and remote onboarding to technical threat detection. DTEX says beyond technical measures, behavioral red flags are disconnected digital communication, anti-screen-locking software, and suspiciously long work hours.<\/p>\n<p>\u201cEvery business leader and security professional needs to recognize the risks of accommodating remote workers,\u201d said Kevin Mandia, founder of Mandiant and a member of DTEX\u2019s advisory board. \u201cTo empower companies to trust their remote resources is paramount \u2014 especially with North Korea leveraging the opportunity to fund its weapons program.\u201d<\/p>\n<p>You can read the full report on DTEX\u2019s <a href=\"https:\/\/reports.dtexsystems.com\/DTEX-Exposing+DPRK+Cyber+Syndicate+and+Hidden+IT+Workforce.pdf\">website<\/a>. <\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.6876996805112\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/05\/north-koreas-state-run-syndicate-looks-at-cyber-operations-as-a-survival-mechanism-1.jpg?w=640&ssl=1\" alt=\"Greg Otto\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Greg Otto<\/h4>\n<p> Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/north-korea-cybercrime-dtex-research-center-227\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>North Korea\u2019s \u2018state-run syndicate\u2019 looks at cyber operations as a<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[235,282,78,338,4035,302,647,2911,1271,509],"tags":[236,286,86,341,4036,306,240,2913,1274,511],"class_list":["post-7642","post","type-post","status-publish","format-standard","hentry","category-ai","category-cybercrime","category-cybersecurity","category-department-of-justice-doj","category-dtex-systems","category-geopolitics","category-north-korea","category-north-korean-it-workers","category-sanctions","category-treasury-department","tag-ai","tag-cybercrime","tag-cybersecurity","tag-department-of-justice-doj","tag-dtex-systems","tag-geopolitics","tag-north-korea","tag-north-korean-it-workers","tag-sanctions","tag-treasury-department"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ai\/\" rel=\"category tag\">AI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-justice-doj\/\" rel=\"category tag\">Department of Justice (DOJ)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/dtex-systems\/\" rel=\"category tag\">Dtex Systems<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/north-korea\/\" rel=\"category tag\">North Korea<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/north-korean-it-workers\/\" rel=\"category tag\">North Korean IT workers<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/sanctions\/\" rel=\"category tag\">sanctions<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/treasury-department\/\" rel=\"category tag\">Treasury Department<\/a>","tag_info":"Treasury Department","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7642","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7642"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7642\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7642"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7642"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7642"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7642,"date":"2025-05-15T11:04:25","date_gmt":"2025-05-15T16:04:25","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84536"},"modified":"2025-05-15T11:04:25","modified_gmt":"2025-05-15T16:04:25","slug":"north-koreas-state-run-syndicate-looks-at-cyber-operations-as-a-survival-mechanism","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/05\/15\/north-koreas-state-run-syndicate-looks-at-cyber-operations-as-a-survival-mechanism\/","title":{"rendered":"North Korea\u2019s \u2018state-run syndicate\u2019 looks at cyber operations as a survival mechanism"},"content":{"rendered":"