Russia and North Korea Expand Cybersecurity Cooperation in 2025 | Ukraine news

Research findings indicate a new level of coordination between Moscow and Pyongyang.

Russia and North Korea are expanding cooperation in the field of cybersecurity. Gen Digital experts note that two of the most active hacker groups linked to the respective agencies of both countries – Gamaredon and Lazarus – have begun exchanging resources. Gamaredon, associated with the FSB, since the start of the full-scale invasion has focused on attacks on Ukrainian government institutions to gather intelligence; Lazarus is known for cyberattacks of various scales – from espionage to financial crimes.

Michał Salat, Director of Analytics and Threat Intelligence at Gen Digital, described these facts

“unprecedented”

– Michał Salat, Director of Analytics and Threat Intelligence at Gen Digital

and added that there have not been recorded cases of two states coordinating targeted cyberattacks.

Analysts established an overlap of tactics and shared infrastructure: by tracking the use of Gamaredon Telegram channels to exchange command-and-control servers for malware, experts found that one of these servers was also used by Lazarus. In addition, a hidden version of malware associated with Lazarus was found on the Gamaredon server. Such cases are atypical, since hackers working for intelligence agencies usually do not disseminate tools among each other.

Prospects and possible development scenarios

Experts speculate that the groups may use common systems or even interact directly. The data indicate deliberate mimicry of one group by the other and possible cooperation regarding the use of the infrastructure.

In addition to cyber exchange, cooperation between Moscow and Pyongyang is unfolding in other areas. According to experts, Kim Jong Un provided Russia with more than 10 thousand soldiers, who were used against Ukrainian units in the Kursk region, in exchange for certain military technologies. Russia also increases supplies of petroleum products to the DPRK: in 2024 their volume tripled the UN-established annual import limit.

According to other sources, in 2025 North Korea significantly reduced artillery shell deliveries to Russia due to depletion of stocks.

Russia will allocate millions of dollars to oil exploration in North Korea – such information also appears in analysts’ assessments, indicating growing economic interaction between the countries.

Experts conclude: cooperation between Russia and the DPRK in cyberspace is increasing, raising the global cyber threat. It is essential to strengthen monitoring and international data exchange to counter these challenges.