The Peninsula

2025 Year in Review: U.S.-South Korea Alliance Faces Record North Korean Cybercrime

The following is part of a new miniseries from KEI surveying the most important developments and trends in the U.S.-South Korea relationship in 2025. You can read all year-in-review pieces by clicking here.

2025 marked a new high for North Korean cybercrime. The unprecedented February 21 theft of USD 1.46 billion in Ethereum tokens from the Dubai-based cryptocurrency exchange Bybit became the largest cryptocurrrency heist in history, causing downturns across the global cryptocurrency market. This singular theft from the North Korean government-linked hacking collective Lazarus Group accounted for the lion’s share of the total USD 2 billion worth of cryptocurrency North Korean hackers stole in 2025, breaking the previous annual record of USD 1.7 billion stolen in 2022.

Development of new tactics like embedding fake tax invoices with Remote Access Trojan (RAT) malware, developing the new blockchain-based EtherRAT malware, and exploiting innovations in AI-powered cyber operations have enabled North Korea-linked cybercriminals to become bolder and more effective in stealing funds from around the world to finance the development of weapons of mass destruction (WMD) for the Kim Jong Un regime. The United Nations most recently estimated in 2024 illicit cyber activity accounts for up to 40 percent of North Korean WMD research and development.

As the most lucrative source of income for a heavily sanctioned and isolated state, North Korea’s digital exploits will continue to grow as a threat to the U.S., South Korea, and even Pyongyang’s ostensible ally, Russia. the rest of the world. The regime’s prowess in this space also poses tangible security threats to data privacy, tech companies, hospitals, and others. These cyber attacks and data breaches are often the result of extensive scams in which North Korean hackers pose as IT workers using stolen identities to get recruited into U.S. firms, which has caused breaches in several Fortune 500 companies.

Fortunately, 2025 has also been a year of improvement in U.S.-South Korea cybersecurity cooperation. South Korea continues to build on its adoption of “offensive cyber defense” capabilities in line with its 2024 National Cybersecurity Strategy, adopting the best practices from the U.S. Defense Forward cybersecurity posture that seeks to proactively identify and shut down potential sources of cyberattacks. The expansion of the joint U.S.-South Korea Cyber Alliance drills and South Korean participation in multinational U.S.-led cybersecurity drills further enhance the alliance’s capabilities in intelligence sharing, joint attribution, and deterrence measures.

But more work remains to increase the adoption of cybersecurity best practices and encourage information sharing among government agencies and private firms in both countries. South Korea has also faced setbacks in adopting comprehensive legislation to implement the reforms called for in the National Cybersecurity Strategy, and current regulations favoring domestic cybersecurity firms over international firms can slow down the adoption of innovations pioneered by U.S.-based enterprises. Microsoft’s Azure cloud services passing the rigorous certification process for use by South Korean government agencies in December 2024 and Google Cloud’s similar certification announcement in February 2025 show positive signs for enhancing partnerships between U.S. companies and the South Korean government.

As the two sides negotiate new economic and security terms for the alliance, the responsibility will rest with the Donald Trump and Lee Jae Myung administrations to uphold the U.S.–South Korea commitment to mutual defense in cyberspace and to coordinate more effectively against an evolving North Korean cyber threat.

George Sebastian Garcia is Program Officer at the Korea Economic Institute of America (KEI). All views presented here are the author’s alone.

Feature image from Shutterstock.

KEI is registered under the FARA as an agent of the Korea Institute for International Economic Policy, a public corporation established by the government of the Republic of Korea. Additional information is available at the Department of Justice, Washington, D.C.