North Koreas Elite Cyber Army | Generated by AI

Home 2026.03

Question: Who are the hackers behind the Bybit breach? Are they young people in North Korea, and do they get trained for around 10 years?

Answer:

Who Are the Bybit Hackers — The Lazarus Group

Identity & Organization

The Lazarus Group is a North Korean state-backed team of hackers responsible for billion-dollar cyber heists. Active since 2009, it is associated with the North Korean government’s Reconnaissance General Bureau (RGB), the nation’s primary intelligence agency.

According to allied intelligence assessments, the group commonly labelled as Lazarus is believed to be made up of roughly 7,000 cyber operatives.

The name “Lazarus Group” today is an umbrella term describing the many subgroups, or threat clusters, assigned to cyber operations within DPRK military intelligence.

Are They Young? — Yes, Recruitment Starts at Age 11

The state handpicked and trained the country’s hackers, with recruitment starting as early as age 11. These selected individuals receive special privileges, including spacious apartments and exemption from military service.

Domestic education for aspiring hackers includes the Kim Chaek University of Technology, Kim Il Sung University, and Moranbong University, which picks the brightest students from across the country and puts them through six years of special education.

Training Pipeline — Yes, Close to 10 Years or More

The training pipeline is multi-stage and long:

  1. Age ~11: Gifted students are identified and selected by the state
  2. Domestic schooling: 6 years of specialized technical education at elite universities
  3. Sent to China for advanced training: Since the free internet does not exist in North Korea, aspiring hackers are sent to China — the only country that still maintains reasonable relations with North Korea — where they learn how computers and the internet are used in the free world before going to work for the regime as a hacker.
  4. The most talented operatives are sent to Shenyang, China, North Korea’s closest remaining ally, for further advanced training.

So from initial recruitment at ~11 to operational deployment, the full pipeline is easily 10+ years, confirming your assumption.

What Keeps Them Motivated?

Defectors’ stories consistently describe a centralized, tightly controlled, and well-funded hacking program. Lazarus Group members see themselves as loyal workers serving their country, driven by privilege, ideology, and concern for their families. Some low-level defectors who worked in IT mention that cyber operatives live in much better conditions than the average citizen — perks include better food and access to foreign movies and global news, which are luxuries in the DPRK.

The families of North Korean hackers that operate in China and other countries are held as “collateral”, but may also be rewarded for the success of the cyber operation.

Why Are They So Dangerous?

Working nearly 24/7 in shifts, Lazarus hackers continuously refine their techniques, funneling stolen assets back into the North Korean regime.

Unlike Russia, which shut down its REvil hacking group at the request of the US after devastating attacks on Western companies, North Korea faces no such external pressure. The country is hardly sensitive to external political pressure to comply with internationally accepted rules, which gives it more freedom.

The U.S. deputy national security advisor for cybersecurity stated that North Korea uses cybercrimes to gain financing for up to 30% of its missile program.

Total Damage So Far

Between 2021 and 2025, the Lazarus Group stole over $5 billion in cryptocurrency, significantly disrupting the Web3 ecosystem. Their attacks have targeted major platforms including UpBit, KuCoin, Ronin Bridge, Atomic Wallet, and most recently, Bybit.

References:

Back Donate