Multi-Nation Threats

Other Nation-State Threats

North Korea's billion-dollar cryptocurrency operations, the emerging CRINK alliance, and how adversary nations increasingly coordinate cyber attacks against American targets.

North Korea CRINK Alliance

$5B+

Stolen by N. Korea (2021-25)

8,400

N. Korean cyber personnel

Fortune 500

Unknowingly hired NK workers

Nations in CRINK alliance

North Korean Cyber Operations

Lazarus Group and state-sponsored financial theft

Lazarus Group has stolen over $5 billion in cryptocurrency since 2021 to fund North Korea's nuclear weapons program. Nearly every Fortune 500 company has unknowingly hired North Korean IT workers.

Major Cryptocurrency Heists

Bybit Hack

Largest crypto exchange theft ever

$1.5 billion

2025

2024 Total

47 separate incidents

$1.3 billion

2024

5-Year Total

UN-tracked operations

$5+ billion

2021-2025

WannaCry Impact

150 countries affected

200,000 systems

2017

Operational Capacity

8,400 Personnel
Including IT infiltrators, crypto thieves, military hackers
Dual Operations
Ransomware + espionage, sometimes same day
Nuclear Funding
Crypto theft directly funds weapons programs

WannaCry Ransomware (2017)

The Lazarus Group's WannaCry attack paralyzed nearly 200,000 computers across 150 countries in just 7 hours. Major targets included Russia, India, Ukraine, and Taiwan.

200,000 computers150 countries7 hours

IT Worker Infiltration

North Koreans working remotely for American companies

Nearly every Fortune 500 CISO interviewed by Mandiant (Google Cloud) admitted to unknowingly hiring at least one North Korean IT worker. These workers have funneled up to $1 billion to Kim Jong Un's nuclear program.

$88M

Generated by 14 operatives (6 years)

137

Laptops seized (June 2025)

Premises searched across 14 states

How It Works

North Korean operatives use fake identities to apply for remote IT jobs
US-based "laptop farms" host their work equipment to mask true location
Workers gain access to sensitive data, source code, and ITAR-controlled information
Salaries funneled to Pyongyang to support weapons development

The CRINK Alliance

China, Russia, Iran, and North Korea are increasingly coordinating their cyber operations, sharing tools, techniques, and targets against Western nations.

China

View details →

Espionage, IP theft, critical infrastructure

Russia

View details →

Ransomware, infrastructure attacks, disinformation

Iran

View details →

Water systems, election interference, retaliation

North Korea

View details →

Financial theft, cryptocurrency, ransomware

Shared Infrastructure

Security researchers have observed APT groups from these four nations sharing malware, command-and-control infrastructure, and operational tactics. What works for one nation is often adopted by others.

Multi-Nation Supply Chain Threats

Hardware Compromise

Components manufactured abroad may contain backdoors or malicious modifications

China

Software Supply Chain

Attackers infiltrate software updates to compromise thousands of victims at once

Russia (SolarWinds), N. Korea

Insider Threats

Foreign nationals employed remotely can access sensitive systems

North Korea (IT workers)

Understanding the Full Threat Landscape

Nation-state threats don't operate in isolation. Understanding how adversaries coordinate helps you better defend against all of them.

All Threats Protection Guide

Iran Threats All Threat Categories

Multi-Nation Supply Chain Threats

Hardware Compromise

Components manufactured abroad may contain backdoors or malicious modifications

China

Software Supply Chain

Attackers infiltrate software updates to compromise thousands of victims at once

Russia (SolarWinds), N. Korea

Insider Threats

Foreign nationals employed remotely can access sensitive systems

North Korea (IT workers)