North Korea establish Military Cyber Center to conduct espionage

In recent years, intelligence agencies in Western countries have reached a troubling conclusion: North Korea, led by Kim Jong Un, has been orchestrating cyber-attacks to steal cryptocurrency in order to fund its nuclear weapons program. Now, an alarming new development has come to light, one that raises significant concerns globally. North Korea has established a cutting-edge Military Research Facility designed to enhance the country’s digital warfare capabilities.

Known as Research Center 227, this state-of-the-art facility will operate under the authority of the Reconnaissance General Bureau (RGB), North Korea’s main intelligence agency. Its primary purpose is to launch cyber-attacks against foreign adversaries, gather sensitive intelligence, and pilfer financial assets, including cryptocurrencies, to support the nation’s ongoing ambitions.

What sets this facility apart is its use of Artificial Intelligence (AI). The center will be staffed by over 5,000 highly trained personnel working in three shifts, all focused on maximizing their return on investment through cyber operations.

The creation of Research Center 227 was a personal vision of Kim Jong Un, who gave the order to begin its development in February 2024. By December of the same year, the facility was operational, though it still required additional personnel and technological infrastructure. As of March 9, 2025, all essential resources were in place, solidifying the center’s role in bolstering North Korea’s ability to infiltrate the critical infrastructure of developed nations.

Located in Mangyongdae, the center will operate independently from North Korea’s headquarters in the Hyongjesan District. It is designed to disrupt and bypass foreign security frameworks, enabling the facility to conduct a range of cyber activities, from data theft to the automation of intelligence gathering and analysis.

While North Korea argues that Research Center 227 is similar to the United Kingdom’s National Cyber Security Centre (NCSC) – a cyber arm of GCHQ – Europol has expressed deep concerns about its true purpose. According to the European law enforcement agency, the facility is likely to be used to launch cyber-attacks aimed at spreading disinformation, stealing cryptocurrencies from individuals and exchanges, targeting the global banking sector to siphon fiat currency, creating deepfake videos to sow social division, and executing social engineering attacks such as phishing and malware distribution.

Unfortunately, aside from imposing sanctions, Western powers, including the United States, currently lack the authority to shut down North Korea’s military cyber center. However, there is always the possibility of stronger action, particularly if the White House under President Donald Trump, takes the matter seriously. During his presidency, Trump had previously threatened to take extreme measures, including bombing North Korea’s nuclear facilities, resulting in their temporary shutdown.