North Korea Threat Overview and Advisories
CISA works to ensure U.S. critical infrastructure, government partners, and others have the information and guidance to defend themselves against North Korea state-sponsored cybersecurity activity.
Recent North Korean state-sponsored cyber activity includes the launching of ransomware campaigns against Healthcare and Public Health Sector (HPH) organizations and other critical infrastructure sector entities. Prioritizing patching of known exploited vulnerabilities is key to strengthening operational resilience against this threat.
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs
The U.S. government and partners highlight cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju.
CISA and Joint CISA Advisories
Review North Korea-specific advisories here.
Key Resources
Defending Against Nation-State Cyber Threats
Find more information on nation-state adversaries and related resources.
Physical Security
Find preventative and protective strategies to strengthen physical security.
Securing Public Gatherings
Find more information on mitigating security risks associated with public gatherings.
CISA Voluntary Cyber Incident Reporting
This resource is designed to help entities that may be considering voluntarily reporting cyber incidents understand “who” CISA recommends report an incident, “why and when” CISA recommends they report, as well as “what and how to report.”