Lying Lazarus? Or Are We Just Lying to Ourselves? - Understanding DPRK’s Cyber Capabilities
Date: September 26, 2025 (GMT +8)
Time: 08:30
TRACK 1
OFFICIAL TALK
The Democratic People’s Republic of Korea (DPRK) represents one of the most enduring and challenging threats in cyberspace to nation states and private sector companies today. Over the past two decades, DPRK’s cyber capabilities have made consistent progress at a rapid pace and continue to evolve in sophistication. Since the pivotal moment in 2013, when Kim Jong-Un declared “cyberwarfare, along with nuclear weapons and missiles, as an All-Purpose Sword (만능의 보검) that guarantees our military’s capability to strike relentlessly”, DPRK has employed offensive cyber operations for an expansive spectrum of objectives. From DDoS attacks and destructive wiper attacks, through political and economic espionage campaigns, to an ever-evolving repertoire of financially motivated revenue generation operations, cyber is a key lever of state power wielded to achieve the Kim regime’s strategic priorities.
Since the end of WWII, DPRK has remained a totalitarian, closed country, and is considered the most reclusive government in the world. In intelligence parlance, this is a denied area, often requiring significant clandestine government-grade collection capabilities to achieve a very limited understanding of the inner workings of the DPRK state. This status quo holds true with regard to understanding DPRK’s cyber capabilities. For this primary reason, many of the prolific DPRK cyber operations, including Dark Seoul, Ten Days of Rain, the Sony Pictures Entertainment Hack, the Bangladesh Bank Heist, and WannaCry, have been attributed to the “Lazarus Group”. Over time, Lazarus became the mainstream term for the hacking arm of the DPRK government. Due to the dearth of collection coverage, many security researchers stuck with the Lazarus label when attributing DPRK’s intrusions and campaigns, resulting in ambiguity and confusion when others attempt to understand DPRK’s cyber capabilities. Understanding the different institutions within this secretive hermit nation, and how they continue to evolve and share resources, is paramount in enabling organisations to proactively defend against the DPRK threat.
In that spirit, this presentation will unveil the organisations and structures responsible for DPRK’s cyber operations, offering participants accurate insights into the respective DPRK cyber units. The presentation also examines the evolutionary arc of the DPRK’s offensive cyber program, revealing how the DPRK is dynamically leveraging its cyber capabilities to adapt to its changing geopolitical and economic circumstances. Importantly, the presentation will offer participants a current understanding of recent DPRK operations and their respective tactics, techniques, and procedures (TTPs) so as to win the fight against the Adversary.
Speaker
Aaron Ng
Aaron is a Senior Systems Engineer at CrowdStrike where he advises customers on their security needs and solutions. He is currently based in Dubai, and is responsible for the CrowdStrike business across the Middle East, Turkey, and Africa (META) region. Prior to his current stint, Aaron served as a Strategic Threat Advisor where he actively evangelised for the value and pertinence of Cyber Threat Intelligence to organisations across the public and private sectors in the Asia Pacific (APAC) and META regions. Aaron represented CrowdStrike Intelligence, speaking at various Security Conferences including BlackHat MEA, MENA ISC, GovWare, RootCon, AVAR, BSides SG, and SINCON.
Prior to joining the Cybersecurity industry, Aaron served 12 years of Active Duty in the Singapore Armed Forces as a Military Intelligence Officer. He served in multiple command appointments in classified Intelligence units, and garnered staff experience in the areas of strategic planning and policy development. In his penultimate tour of duty, Aaron was instrumental in developing the masterplan for the Digital and Intelligence Service (DIS), the military branch responsible for providing military intelligence to the armed forces, building up Singapore's digital defence capabilities, and protecting the psychological defence of its military personnel.