Introduction

In recent years, the world has seen a significant increase in North Korean cybercrime operations. A series of cryptocurrency heists and laundering schemes, cyber espionage campaigns, and ransomware attacks on critical infrastructures enable the Democratic People’s Republic of Korea (DPRK) to advance its technological and military capabilities and maintain economic stability. The escalating threats posed by these activities to the security of individual nations and the peace and stability of the broader international community have amplified the importance of cybersecurity policy and cooperation between states. As the two primary targets of these attacks, the Republic of Korea (ROK) and the United States (US) under the Yoon-Biden administrations have bolstered alliance collaboration to enhance deterrence and mitigation strategies and capabilities. However, Trump's re-election in the 2024 US presidential elections raises pressing questions about the alliance’s future approach to cybersecurity. The US-ROK alliance remains stronger than ever, but the prospect of Trump’s return to the White House raises concerns about a potential weakening in bilateral relations and cyber cooperation amid the ongoing North Korean cyber threats. This article explores potential trajectories for the US-ROK’s cybersecurity collaboration under Trump’s second term by analyzing trends in North Korean cyber aggression, past and ongoing cooperative efforts, and previous and current policies.

Background on DPRK Cyber Threats and Activities

North Korea’s illicit cyber activities have emerged as a critical global security concern. Groups associated with the DPRK’s primary foreign intelligence agency, the Reconnaissance General Bureau, have been implicated in cryptocurrency thefts, ransomware attacks, and cyberespionage campaigns. It has been reported that such actors—including the notorious Lazarus Group (APT38), Kimsuky (APT43), and Andariel (APT45)—stole an estimated $3 billion between 2017 and 2023. In 2023 alone, these state-sponsored groups stole and laundered hundreds of millions in crypto. Data reveals more precisely that the number of digital assets acquired ranges between $600 million and $1 billion, with at least 20 different platforms having suffered attacks, including Atomic Wallet, Poloniex, CoinEx, and Fantom Foundation.1

Alongside supply chain attacks, groups have been conducting cyber espionage campaigns to steal sensitive and classified intellectual property relevant to the regime’s nuclear program from critical state infrastructures. This includes blueprints and technical information regarding nuclear and energy systems, surveillance and radar technology, military vehicles and artillery, industrial and manufacturing technologies, and more from varying government and private organizations in the defense, aerospace, nuclear, engineering, medical, and energy sectors. These ongoing cyber campaigns have enabled the DPRK to advance its nuclear weapons and missile technological capabilities despite dozens of sanctions imposed by the United Nations and unilaterally by the United States, Japan, the European Union, South Korea, and Australia.2

Although North Korea’s malicious cyber activities are believed to threaten critical industry sectors worldwide, South Korea and the United States remain the primary targets of its attacks. For instance, South Korea’s National Intelligence Service reported that in 2023, the state’s public institutions faced an average of 1.296 million hacking attempts daily by North Korean actors.3 Additionally, a joint advisory released on July 25th, 2024, by multiple U.S. authoring agencies with overseas partners highlights the severity of the growing threat posed to the ROK and the US by advanced North Korean cyberattacks. Delivered by the U.S.’s Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency and the Republic of Korea’s National Intelligence Service and National Police Agency, the statement warned about cyber activities targeting critical state infrastructures.4 This was issued alongside a statement by the U.S. Department of Justice regarding the criminal charges against North Korean national Rim Jong-hyok for his involvement in the Andariel group’s deployment of ransomware attacks on South Korean, Taiwanese, and Chinese institutions. Five U.S. defense firms, two U.S. Air Force bases, and the National Aeronautics and Space Administration were among the victims of these operations.5

The DPRK’s cryptocurrency theft disrupts critical infrastructures and causes economic damage to its victims. Furthermore, the theft of sensitive and classified designs, technologies, and intelligence creates avenues for revenue generation. These illicit cyber activities enhance the regime’s strike and defensive military capabilities by enabling nuclear and technological advancements and assert its dominance in regional and global affairs by increasing its political and diplomatic leverage. Consequently, coordinated international action to detect and implement comprehensive mitigation strategies for these threats has become increasingly urgent, especially within the US-ROK alliance.

US-ROK Cooperation Under Trump-Pence and Biden-Harris Administrations

The United States’ current cybersecurity strategy emphasizes preemptive action and an aggressive approach toward cyber threat actors. This “defend forward” cyber security strategy was introduced in 2018 under the Trump administration to secure and protect critical infrastructure and data by disrupting and dismantling threats before they reach American networks. The 2018 National Cyber Strategy states that North Korea, along with other rogue states, “use[s] cyber tools to undermine [American] economy and democracy, steal [American] intellectual property, and sow discord in [American] democratic processes.”6 To safeguard the United States against these threats, the Department of Defense adopted a strategy focused on strengthening defensive measures, cultivating a highly skilled cybersecurity workforce, enhancing international cyber capabilities, and advancing scientific and technological innovation. While North Korean threats were not a central focus of the Trump administration, the US-ROK alliance’s cyber cooperation focused on exchanging intelligence, aligning related policy adjustments, and addressing mutual concerns. Initiatives such as the Cyber Consultations and Integrated Defense Dialogue played key roles in advancing these efforts.

This “defend forward” cyber strategy was further developed in 2023 under the Biden-Harris administration. Compared to the 2018 iteration, the updated framework explicitly described the risks posed by North Korea’s cyber operations and placed greater emphasis on international cooperation with like-minded partners. It states that North Korea remains a persistent threat to the United States as it “has undertaken significant malicious cyber activity related to ransomware and the compromise of cryptocurrency wallets” and “conducted espionage operations against a range of targets related to media, academia, defense companies, and governments, spanning multiple countries.” With the outlook that Allies serve as a “foundational strategic advantage” to the United States, Biden has expanded cyber collaboration with the Republic of Korea to bolster mitigation and deterrence capabilities, paving the way for deeper bilateral relations.7

In celebration of the US-ROK alliance’s 70th anniversary, Presidents Joe Biden and Yoon Suk-yeol met in Washington on April 26th, 2023. During the summit, they recognized the necessity of extending their alliance into the digital domain. Acknowledging that the obligations outlined in the 1953 Mutual Defense Treaty also apply to cyberspace, they established the Strategic Cybersecurity Cooperation Framework, which is centered on three key principles to enhance cyber cooperation: comprehensive cyber threat response, collaboration in information sharing, and coordinated actions.8 Later that same year, Biden and Yoon integrated these initiatives with Japan at the Camp David Summit on August 18, 2023. Their pledges were formalized with the Memorandum of Cooperation on the Trilateral Security Cooperation Framework, which institutionalized and propelled trilateral cybersecurity cooperation. Under these frameworks, united American, South Korean, and Japanese efforts (Japan-United States-Republic of Korea Trilateral Pact) to counter the rapidly evolving DPRK threats to their national security and global peace and prosperity have significantly expanded.

All three states have pledged to actively participate in joint cyber exercises to exchange the best approaches in crisis management and develop parallel response measures to counter malicious cyber activities. An agreement made at the 55th Security Consultative Meeting (SCM) held in 2023 decided for the ROK to regularly participate in the US Cyber Command's annual multinational "Cyber Flag" military drills. Additional field training to enhance preparation and response to critical security challenges, especially non-kinetic, has been conducted through joint exercises like Freedom Shield 24 and Ulchi Freedom Shield 24. Trilateral efforts to promote multi-domain interoperability include the Freedom Edge exercises, which also executed defensive cyber training.

Cyber resilience has also been fostered with expanded cooperation across various sectors. Expert-level exchanges through working groups, such as the Cyber Cooperation Working Group and the US-ROK/Japan-United States-Republic of Korea Working Group to counter cyber threats posed by the DPRK, have deepened cyber cooperation by modernizing capabilities, facilitating situational awareness, and building mutual trust and confidence. Furthermore, bilateral and trilateral cooperation on policy and institutional improvements has been promoted through conventions like the 7th US-ROK Cyber Policy Consultation, the 15th Defense Trilateral Talk, and the 25th Integrated Defense Dialogue. Altogether, these activities have deepened the ties between government, private sector, and academia to enhance deterrence and STEM cooperation, evolve capabilities, and strengthen solidarity between the Republic of Korea, the United States, and Japan.

South Korea’s Proactive Responses

In the face of the increasing qualitative and quantitative DPRK state-sponsored non-kinetic attacks, Seoul has taken significant steps to counter North Korean cyber aggression. Earlier this year, in February, the Republic of Korea released its 2024 National Security Strategy. The previous iteration, authored in 2019 under the Moon Jae-in administration, emphasized a defensive strategy. However, under Yoon, the ROK evolved to adopt an offensive posture to appropriately respond to the increased digital security challenges. The new framework outlines five strategic tasks to preemptively and proactively respond to and deter cyber threats: the strengthening of an offensive posture, establishment of international cooperation with like-minded countries, enhancement of critical infrastructure cyber resilience, development of technologies and sharing of intelligence regarding cyber threats, and engagement between public-private sectors.9

As pledged under this new cyber framework, Seoul has actively sought to raise awareness of cyber issues and collaborate with allies to reach effective resolutions on the matter. During its month-long presidency of the United Nations Security Council (UNSC) in June, it placed cybersecurity concerns at the forefront of the UNSC’s agenda. On June 20th, 2024, the ROK held its first signature event: the “Maintenance of International Peace and Security: Addressing Evolving Threats in Cyberspace” open debate. The meeting emphasized concerns for the international community’s peace and security regarding advancing digital technologies and placed preventing malicious state-sponsored and private cyber activities at the core of the Security Council’s agenda. High-level discussions were fostered as the most pressing incidents were highlighted, including the illicit cyber activities of the DPRK. Cho Tae-yul, the ROK’s Minister for Foreign Affairs and Council President for June, alongside other UN Member States representatives, discussed the DPRK’s use of cryptocurrency theft to generate revenue to fund its weapons of mass destruction and ballistic missile programs.10

Analysis

While the US-ROK alliance currently stands strong with its cybersecurity cooperation, the recent re-election of Trump into the White House has led many worldwide to express concerns for its future. Trump’s first term was underscored by his “America First” policy stance, which prioritized safeguarding American interests as the cornerstone of the nation’s security strategies. In the past, this framework had occasionally strained the US-ROK alliance’s relationship as Trump had demanded nearly $4.7 billion yearly in defense cost-sharing from South Korea. Trump had also threatened to withdraw American forces from South Korea if demands were not met.11 People’s anxieties about a weakening alliance continue as Trump recently remarked on October 15th, 2024, after the 12th Special Measurement Agreement was finalized, that he would make South Korea pay $10 billion a year for defense cost-sharing, a six-fold budget increase demand from 2019.12 With Trump’s re-election, his “America First” approach resurfaces in his renewed pledge to “defend America against all threats” and “protect America against all dangers.”13

The Department of Defense’s “defend forward” strategy will likely remain in the second Trump administration's cybersecurity policy. The DPRK’s persistent and increasingly sophisticated cyberattacks on financial institutions, critical infrastructures, and private enterprises severely threaten national security and economic stability and underscore broader systemic vulnerabilities in governments’ cybersecurity defenses. With the United States firmly positioned in Kim Jong-un’s crosshairs alongside South Korea, the Trump administration is expected to prioritize measures to counter North Korean cyber threats. This may include strengthening cooperation with allies and partners, increasing cyber intelligence sharing efforts, further aligning policy adjustments, and imposing more stringent sanctions to mitigate the risks posed by the evolving cyber warfare capabilities.

Furthermore, the DPRK’s illicit cyber activities pose a significant threat to the global order. North Korea’s cryptocurrency heists and cyber espionage campaigns enable it to advance its nuclear weapons and ballistic missile technology. As a result, it continues to finance the regime and challenge the rules-based order, which provides it with diplomatic and political leverage. Pyongyang’s evasion of sanctions, violation of UN resolutions and international laws, and disregard for the nonproliferation regime undermine global stability by challenging the effectiveness of the liberal international order. Its actions heighten the risk of other rogue states following suit, further destabilizing regional and global peace and security. Protecting and maintaining the global order is particularly in the United States’ interest as it intends to upkeep its stance as a global leader. Trump, who asserts he will “restore [the United States] standing in the world and American leadership abroad,” will want to address this hence rapidly evolving issue to preserve US dominance.14

The defense cooperation between the United States and the Republic of Korea under the Biden-Yoon administrations has demonstrated significant promise through successful joint military efforts and strategic conventions. These initiatives underscore a shared commitment to regional stability and align closely with Trump’s enduring emphasis on reinforcing American national security. Moreover, Trump's willingness to strengthen ties with like-minded nations includes South Korea, a key partner whose national security priorities, strategic objectives, and visions for global peace and order overlap closely with those of the United States. By continuing close collaboration in bilateral defense efforts to deter, preempt, and defeat cyber threats, both nations may more effectively address mutual concerns while advancing a shared vision for a secure and stable global order.

However, there are some developments that may impose tensions on the United States’ relations with the Republic of Korea and other allies. For instance, on his inauguration day, Trump referred to North Korea as a “nuclear power.”15 Although it is too early to decipher with certainty the exact intention behind this remark, some speculate it signals an implicit recognition of the DPRK as a de facto nuclear arms state. This would be considered part of a broader strategy to reopen negotiations with Kim Jong-un. While US efforts to reengage with North Korea could be a step forward in rekindling and improving any bilateral relations, its approach must be carefully planned to ensure meaningful and effective dialogue. Trump should refrain from using language that risks legitimizing Kim or weakening US diplomatic leverage. Acknowledging the DPRK as a nuclear arms state would severely undermine international efforts to hold the regime accountable for its numerous violations against the Nuclear Non-Proliferation Treaty and the United Nations Security Council’s resolutions, essentially condoning its misconduct. This would only encourage similar rogue states and contribute to global destabilization.

Trump’s overture has also fueled speculation about a potential shift away from the United States’ longstanding commitment to the complete denuclearization of the DPRK. While a recalibrated North Korean policy strategy is in order, any re-engagement with the North must be carefully crafted with South Korea’s safety and stability in mind, especially with the ongoing political turmoil following Yoon’s declaration of martial law. The United States continues to recognize international law and its obligations under treaties and international agreements. Therefore, it should adopt a North Korea policy that does not threaten the security of its allies and the broader global community. Collaboration with allies to brainstorm new approaches toward North Korea would ease any concerns arising from Trump’s recent remarks toward the DPRK. To prevent uncertainty from arising and maintain stability, Washington should coordinate closely with its allies, namely the Republic of Korea and Japan, to develop a cohesive strategy that balances diplomatic engagement with firm deterrence measures. Proactive collaboration in information sharing and policy coordination is essential in ensuring a well-aligned and uniformly accepted approach toward North Korea. These efforts would help produce a robust and effective strategy while simultaneously reinforcing trust and strengthening existing alliances by demonstrating the United States' unwavering commitment to regional security.

Even if Washington attempts to reengage with Pyongyang, success in any potential efforts remains doubtful, considering the events that unfolded after the 2019 Hanoi Summit. Kim is unlikely to place trust in Trump after his previous unfulfilled promises and their diplomatic failures. Furthermore, North Korea has undergone a stark policy shift in the last year, officially abandoning all efforts to reunify the Peninsula and engage with the US. This move most likely sparked discontent among North Korean citizens, given that reunification has been a foundational goal of the regime. Some reports from the last few months, such as those dealing with the 2024 summer floods and defections of members of the social elite class, hint at a rise in public dissatisfaction with Kim’s handling of state affairs.16 This suggests that any perceived concessions to the United States may further erode domestic trust in his rule, especially since his official declaration of a policy away from the US and ROK. To mitigate internal unrest, Kim is unlikely to entertain US overtures, even for strategic purposes.

Moreover, given his deepening ties with Russia, Kim may no longer have any incentive to engage with the United States. With Putin’s support, Trump may no longer serve as a necessary diplomatic player for Kim. Instead, it is plausible for Kim to invest efforts in strengthening relations with China and further expanding trilateral cooperation between the DPRK, Russia, and China. Meanwhile, Trump should prioritize reinforcing existing US alliances rather than attempting to court North Korea. Any overtures to Kim may risk straining relations with key regional allies, particularly South Korea and Japan. Instead, Trump should focus on further enhancing the bilateral US-ROK and trilateral Japan-United States-Republic of Korea security coordinations to deter North Korean threats while exploring possible new diplomatic approaches towards the DPRK.

Conclusion

North Korea's illicit and malicious cyber activities—ranging from cryptocurrency heists to ransomware attacks—play a monumental role in funding the regime’s nuclear weapons and ballistic missile programs, advancing its military capabilities, sustaining its fragile economy, and bolstering its political leverage. As these operations pose a growing threat to global stability, they highlight the urgent need for robust international cybersecurity cooperation.

The United States and the Republic of Korea have made significant strides in developing aligned strategies and enhancing joint capabilities to detect and deter North Korean cyber threats. As a result, the Alliance’s strategic defense partnership plays a crucial role in maintaining regional and global security. However, shifts in leadership in both nations and past tensions from Trump's first administration present potential challenges for the Alliance. To safeguard shared security interests, both nations should continue to invest in bilateral cooperation, especially In cybersecurity deterrence.

While a revised policy approach toward North Korea is encouraged, the United States should avoid drastic shifts undermining alliance cohesion. Maintaining close relations and cooperation with nations with mutual values and security objectives is essential for detecting and deterring North Korean threats. Overall, deeper ties and defense coordination between the United States and the Republic of Korea would contribute to long-term regional peace and stability in a complex and tense geopolitical landscape.

By NKR Intern Ludovica Duchini

***The views herein do not necessarily reflect the views of Yonsei Institute of North Korean Studies or North Korean Review***

Endnotes

1. Chiang, Sheila, "North Korea Crypto Hacking Activity Soars to Record High in 2023, New Report Shows." Consumer News and Business Channel. January 24, 2024. https://www.cnbc.com/2024/01/24/north-korea-crypto-hacking-activity-soars-to-record-hi gh-in-2023-new-report-shows.html.; Greig, Jonathan, “UN Probing 58 Alleged Crypto Heists by North Korea Worth $3 billion,” The Record. March 22, 2024. https://therecord.media/north-korea-cryptocurrency-hacks-un-experts.

2. Council on Foreign Relations. “What to Know About Sanctions on North Korea.” Backgrounder. Last updated July 27, 2022. https://www.cfr.org/backgrounder/north-korea-sanctions-un-nuclear-weapons#chapter-titl e-0-5/.

3. 양민철. "국정원 ‘공공분야 해킹 80%가 북한발...김정은 진두지휘.’” KBS뉴스, January 24, 2024. https://news.kbs.co.kr/news/pc/view/view.do?ncd=7874396.

4. Cybersecurity and Infrastructure Security Agency. “North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs.” Cybersecurity Advisory. Released July 25, 2024. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a.

5. U.S. Department of Justice. “North Korean Government Hacker Charged for Involvement in Ransomware Attacks Targeting U.S. Hospitals and Health Care Providers.” Office of Public Affairs-Press Releases. Updated July 26, 2024. https://www.justice.gov/opa/pr/north-korean-government-hacker-charged-involvement-ra nsomware-attacks-targeting-us-hospitals.; Rewards for Justice. “Rim Jong Hyok (림종혁).” North Korea–Individual. Accessed November 2024. https://rewardsforjustice.net/rewards/rim-jong-hyok-림종혁/.

6. Trump White House Archives. "National Cyber Strategy,” p3. Accessed December 2024.

   https://trumpwhitehouse.archives.gov/wp-content/uploads/2018/09/National-Cyber-Strate

   gy.pdf.

7. Ibid; U.S. Department of Defense. “Summary: 2023 Cyber Strategy.” September 12,

   2023.

   https://media.defense.gov/2023/Sep/12/2003299076/-1/-1/1/2023_DOD_Cyber_Strategy

   _Summary.PDF.

8. 대한민국 대통령실. “Strategic Cybersecurity Cooperation Framework.” Accessed

   December 2024. https://www.president.go.kr/download/644956452f9e3.

9. Office of the President, Republic of Korea. “National Cybersecurity Basic Plan Executive

   Summary.” Briefing Room. Released September 1, 2024.

   https://eng.president.go.kr/briefing/TE0xsLB6.

10. United Nations. “Press Conference by Security Council President on Programme of Work

    for June.” Meetings Coverage and Press Releases. June 3, 2024.

    https://press.un.org/en/2024/240604_sc.doc.htm.

11. Moon, Chung-in. “Peril with Little Promise: The US Presidential Election and South

    Korea's Dilemma.” GlobalAsia 19, no. 2 (June 2024). https://www.globalasia.org/v19no2/focus/peril-with-little-promise-the-us-presidential-ele ction-and-south-koreas-dilemma_chung-in-moon.

12. Kim, Eun Joong. “Trump Says 'Money Machine' Korea Should Pay $10 Billion a Year for US Troops.” The Chosun Daily, October 17, 2024. https://www.chosun.com/english/national-en/2024/10/17/EPKQS6EJ5RANBNEZAJL62 DXU5M/.

13. Donald J. Trump. “Issues.” Trump-Vance 2024. Accessed December 30, 2024. https://www.donaldjtrump.com/issues.

14. Ibid.15. Ji, Da-gyum “Trump calls Kim Jong-un ‘Nuclear Power,’ Touts Rapport.” The Korea

Herald. January 21, 2025. https://www.koreaherald.com/article/10403884.16. Bernal, Gabriela. "North Korean Elites are Unhappy. But Don’t Expect a Mass Exodus.”

NK News, October 4, 2024.

https://www.nknews.org/2024/10/north-korean-elites-are-unhappy-but-dont-expect-a-mas s-exodus/.

Other referenced sources:

1. Bae, Sunha. “The Expanding Horizon of U.S.-ROK Cybersecurity Cooperation: From Military Security to Cyber Defense.” Korea on Point. November, 25, 2024. https://koreaonpoint.org/view.php?idx=357.

2. Biden, Joseph R. and Yoon, Suk Yeol. “Strategic Cybersecurity Cooperation Framework Between the Republic of Korea and the United States of America.” 대한민국 대통령실. April 27, 2023. https://www.president.go.kr/download/644956452f9e3.

3. Carlin, Robert L. And Hecker, Siegfried S. “Kim Jong Un Welcomes Donald J. Trump to Second Term.” 38 North. January 10, 2025. https://www.38north.org/2025/01/kim-jong-un-welcomes-donald-j-trump-to-second-term /.

3. Eom, Tae Yeon. "AI and Cybersecurity in Digital Warfare on the Korean Peninsula." Georgetown Journal of International Affairs, July 10, 2024. https://gjia.georgetown.edu/2024/07/10/ai-and-cybersecurity-in-digital-warfare-on-the-ko rean-peninsula/.

4. Garcia, Sebastian. “Facing the North Korean Cyber Threat: United States-South Korea Coordination in Cyberspace.” Asia Dispatches, August 29, 2024. https://www.wilsoncenter.org/blog-post/facing-north-korean-cyber-threat-united-states-so uth-korea-coordination-cyberspace.

5. Horschig, Doreen. "How Are Cyberattacks Fueling North Korea’s Nuclear Ambitions?" Center for Strategic & International Studies. July 31, 2024. https://www.csis.org/analysis/how-are-cyberattacks-fueling-north-koreas-nuclear-ambitio ns.

6. Kim, Ellen. “How Kim Jong-un Could Challenge Donald Trump's Foreign Policy 2025.” National Interest. November 21, 2024. https://nationalinterest.org/feature/how-kim-jong-un-could-challenge-donald-trumps-forei gn-policy-2025-213821/.

7. Lee, Michelle Ye Hee. “North Korea’s Kim Jong Un Has Never Been More Brazen — Or in Demand.” The Washington Post, November 15, 2024. https://www.washingtonpost.com/world/2024/11/15/north-korea-jong-un-confident/.

8. Revere, Evans J.R. “Strong ties, high anxiety: The US-Korean alliance ahead of the 2024 election.” Brookings, September 16, 2024. https://www.brookings.edu/articles/strong-ties-high-anxiety-the-us-korean-alliance-ahead -of-the-2024-election/.

9. Stent, Dylan. “How North Korea’s Cryptocurrency Theft Supports Foreign Policy Goals.” Georgetown Journal of International Affairs, May 27, 2024. https://gjia.georgetown.edu/2024/05/27/how-north-koreas-cryptocurrency-theft-supports- foreign-policy-goals/.

10. Wood, Natasha. “South Korea’s 2024 Cyber Strategy: A Primer.” Center for Strategic and International Studies, August 2, 2024. https://www.csis.org/blogs/strategic-technologies-blog/south-koreas-2024-cyber-strategy- primer.