
A specialized scientific center is being established in North Korea to operate around the clock, focusing on the development of advanced cyberattack technologies powered by artificial intelligence. This new entity, known as “Research Center 227,” falls under the command of the General Reconnaissance Bureau (GRB) of the country’s armed forces.
According to sources within the DPRK, the decision to create the center was made personally by Kim Jong-un at the end of February. The Supreme Commander issued a directive to enhance the nation’s offensive capabilities in the realm of information warfare abroad, which led to the formal initiation of the center’s formation on March 9. The order was relayed via the Operations Bureau to GRB headquarters.
The center will be based in the Mangyongdae district, distinct from the GRB’s primary headquarters located in the Hyongjesan area of Pyongyang. This physical separation underscores its role as an independent entity within the military intelligence structure. While some within the agency view its mission as intelligence gathering, sources indicate that its primary focus will be on the development of offensive cyber capabilities.
The center’s mandate includes the creation of software and methodologies aimed at breaching and neutralizing Western cybersecurity systems, exfiltrating sensitive data and financial assets, and deploying automated information analysis tools. Particular emphasis will be placed on artificial intelligence technologies—for use in cyber espionage and in the design of autonomous malicious instruments.
It will maintain continuous communication with North Korea’s overseas hacking units to enable real-time responses to incoming intelligence. By concentrating resources and expertise within a single hub, the center aims to accelerate the research, development, and deployment of new offensive solutions.
Recruitment for the center has already begun, with plans to enlist approximately 90 specialists who have demonstrated exceptional academic performance at the undergraduate and postgraduate levels. These recruits will include programmers, automation experts, and cybersecurity professionals drawn from the nation’s leading educational and research institutions.
It is important to note that these individuals will not serve as frontline cyber operatives abroad, but rather as developers tasked with creating the internal tools necessary for offensive operations. Their work is expected to significantly enhance the GRB’s future capabilities in cyberwarfare.
North Korea has long exhibited alarming success in the realm of offensive cyber operations. The infamous Lazarus Group, for instance, has been linked to numerous attacks on financial institutions worldwide. Experts attribute a series of high-profile cryptocurrency heists—whose total losses now amount to billions of dollars—to this group.
One of the most recent incidents involved the breach of the Bybit cryptocurrency exchange, which resulted in the theft of digital assets valued at approximately $1.5 billion. Such operations underscore the formidable technical proficiency of North Korea’s cyber units and render the development of infrastructure like Center 227 an even greater threat to global digital security.