The UK (UK) and South Korea (Republic of Korea or ROK) are making ready for the subsequent iteration of their bilateral Cyber Dialogue, to be held within the first half of 2026. The assembly will search to reaffirm their dedication to the UK-ROK Strategic Cyber Partnership and improve cooperation between the 2 nations on cyber safety points.
One decisive query, nevertheless, stays: what does impactful collaboration seem like when companions confront completely different adversaries? Can cooperation be efficient if companions don’t prioritise the identical risk actor?
Proof of rising alignment between North Korea and Russia in our on-line world sharpens this dilemma. As Pyongyang and Moscow deepen coordination, risk landscapes that when appeared regionally distinct have gotten more and more intertwined. On this context, London and Seoul ought to broaden joint efforts to determine, analyse and mitigate shared dangers. If adversaries are converging within the cyber area, allied responses should be equally built-in, structured and forward-leaning.
Who’re the UK and South Korea’s Predominant Threats in our on-line world?
North Korea is the first risk to South Korea’s nationwide safety. The Kim regime threatens the South with its nuclear arsenal and conducts various hybrid risk exercise in opposition to its neighbour.
This holds too for our on-line world. South Korea’s Nationwide Intelligence Service present in 2023 that 80 p.c of cyberattacks in opposition to public sector networks are linked to North Korea, roughly 1.3 million a day. Furthermore, North Korea linked actors conduct common cyberattacks in opposition to vital infrastructure within the South, such because the Incheon Airport, South Korea’s largest industrial airport, as a part of wider disruption actions.
Extra broadly, North Korean actors conduct cybercriminal actions to lift income, a lot of which is channelled into ballistic missile and nuclear packages. In 2024, North Korean cyber criminals have been estimated to have stolen USD $1.34 billion by means of cryptocurrency hacks; conducting refined operations in opposition to high-value targets, such because the Japanese crypto trade DMM Bitcoin.
North Korean cyber risk actors have been so profitable that US officers have described them as “the world’s main financial institution robbers.” These revenues instantly fund efforts to threaten the South and are due to this fact precedence issues.
Any cyber safety collaboration with South Korea should acknowledge a risk panorama the place North Korea looms massive.
Within the UK, nevertheless, the cyber risk setting appears very completely different. The UK Strategic Defence Evaluation 2025 confirmed a transparent emphasis on Russia and NATO, prioritizing European safety and decreasing give attention to the Indo-Pacific in contrast with earlier UK methods.
In our on-line world, China and Russia are seen because the UK’s precedence adversaries. China is seen as a longer-term strategic risk, illustrated by current revelations about Salt and Volt Storm operations. In the meantime, Russia presents imminent cyber threats, significantly from state-linked ransomware concentrating on UK companies. Russia’s risk is “acute and globally pervasive” and exacerbated by its hybrid warfare technique concentrating on the UK and NATO allies.
Although Russia and China take centre stage, Iran and North Korea are additionally a part of the UK’s ‘huge 4.’ North Korea is often named, however is commonly bundled with different risk actors. One exception is the 2023 UK-South Korea joint technical advisory that recognized North Korean state-linked actors concentrating on software program provide chains. Nonetheless, that is an exception, not the rule.
Analysis by the Royal United Service’s Institute (RUSI) on the UK-ROK Cyber Partnership finds that whereas every nation has completely different drivers and motivations for cooperation, these usually are not all risk actor particular. Frequent pursuits and a want to reinforce collaboration exist throughout risk intelligence sharing, lively cyber defence and AI in addition to different rising applied sciences.
Counteracting Adversary Cooperation is Key for the UK and South Korea
Growing coordination by Russia and North Korea reinforces a view that the UK and South Korea mustn’t restrict their focus to their very own again yards. Adversaries’ actions are converging and presenting amplified threats.
In June 2024, Kim Jong Un and Vladimir Putin signed a complete strategic partnership treaty aimed toward enhancing bilateral ties, together with throughout expertise and defence. The affect has already been seen with North Korean troops and shells offered to the Russian army in Ukraine. Further help has included sending employees to Russian arms producers and giving entry to weapons stockpiles. In trade, Russia has provided North Korea with meals and gas in addition to supporting army modernisation efforts throughout fighter jets, reconnaissance satellites, and ballistic missiles—extremely delicate capabilities.
In contrast with kinetic capabilities, open-source proof documenting Russia-North Korea cooperation on cyber is patchier. Regardless of this, many observers have argued it’s more and more seemingly given provisions inside their strategic partnership centered on applied sciences, data communication expertise (ICT) and data safety.
One instance, noticed by Microsoft, is Moonstone Sleet, a North Korean state-linked hacking group, turning into an affiliate of Russian Ransomware-as-a-Service group Qilin. Bitdefender hyperlinks this partnership to an enormous enhance in ransomware assaults on South Korea on the finish of 2025, with the nation turning into the second most focused based mostly on their monitoring—sometimes it doesn’t rank among the many prime 5.
One other instance, recognized by Gen Digital, experiences early insights that Russian and North Korean teams could also be working on shared infrastructure. On July 24, 2025, Gen Digital recognized an IP handle related to command-and-control infrastructure of Gamaredon, an alleged Russian-aligned risk actor linked by Safety Service of Ukraine to Russia’s Federal Safety Bureau (FSB). 4 days later, the identical server was noticed internet hosting an obfuscated model of malware attributed to the Lazarus Group, a North Korean state-sponsored actor. Whereas this isn’t categorical proof of operational coordination between the teams, it suggests the potential reuse or sharing of infrastructure.
Neither of those examples provide incontrovertible proof of large-scale Russia-North Korea operational cooperation. Nonetheless, they justify consideration on the matter and reiterate the necessity for the UK and South Korea to have a extra coordinated strategy to counteract adversary cooperation. The UK-ROK Strategic Cyber Partnership gives an appropriate mechanism to interrogate these connections.
Combatting Frequent Threats Can Drive Cooperation
Higher understanding of Russian and North Korean strategic cyber and expertise engagement presents a compelling narrative and highly effective driver for UK-South Korea cooperation on risk. The UK and South Korea are uniquely effectively located to watch, collect, and analyse knowledge on this difficulty and, if mandatory, can successfully construct understanding amongst allies and the general public of this pattern.
Analyzing Russian-North Korean cooperation in our on-line world should due to this fact be one of many precedence areas for the brand new spherical of the Cyber Dialogue between the UK and South Korea if this isn’t already the case behind closed doorways.
Reorienting the UK-ROK Strategic Cyber Partnership to Counteract Adversary Cooperation
Three areas of labor would significantly profit from a higher understanding of Russia-North Korea collaboration in our on-line world. Firstly, the UK and South Korea are dedicated to collaborating on deterrence, together with by means of attributions. This can be a key driver, significantly for the UK that extremely values public attributions of cyber operations. Nonetheless, South Korea to this point has been extra reluctant to conduct public attributions. A greater understanding of the place risk actors converge might affect how helpful a software for deterrence attributions are to the UK and South Korea. If they’re attributing joint actions of Russia and the DPRK, the political urge for food to conduct an attribution might enhance.
Secondly, South Korea and the UK every see each other as succesful cyber powers with vital cyber risk intelligence capabilities. Nonetheless, we perceive from related officers that risk intelligence sharing between UK and South Korean stakeholders experiences obstacles, for instance the dearth of a Basic Safety Settlement setting out the safety of categorized data. Assuming efforts to mitigate these points are already ongoing, they need to nonetheless be redoubled—efficient data sharing is vital to keep up understandings of adversary exercise and plan efficient countermeasures.
Thirdly, a greater understanding of joint adversaries would additional open the dialog to what a coordinated accountable offensive cyber energy ought to seem like in response to those threats. The UK has already publicly acknowledged it conducts offensive cyber operations and has dedicated to doing so in a accountable approach, together with consistent with home and worldwide regulation but in addition extra rules it has set out in its Accountable Cyber Energy in Observe doc. South Korea’s 2024 cyber technique clearly emphasises a shift in the direction of proactive cyber defence and a extra offensive posture for deterrence. RUSI’s analysis reveals that there’s urge for food for additional collaboration on offensive cyber operations, together with on doctrinal questions that look at how these will be carried out in a accountable style.
The following iteration of the cyber dialogue between the UK and South Korea ought to assess these areas of cooperation and decide the place joint actions will be expanded whereas appreciating every nations’ respective motivations. Performing early, whereas Russia-North Korea cooperation on cyber appears extra a prospect than a actuality, can be sensible. If efforts usually are not already underway by intelligence companies, they need to get into gear.
Pia Hüsch and Joseph Jarnecki are the authors of a analysis paper by the Royal United Providers Institute entitled Strengthening UK–South Korea Cyber Safety Cooperation.
