North Korea has reportedly launched a new, AI-focused cybercrime facility dubbed “Research Center 227,” dedicated to offensive hacking and artificial intelligence development for cyberattacks.
The facility, located in Pyongyang, is believed to be operating around the clock and works in direct coordination with the regime’s notorious Reconnaissance General Bureau (RGB) — the government’s primary agency for cyber operations and espionage.
Supreme Leader Kim Jong-un issued a directive in late February instructing the RGB to strengthen its “overseas information warfare capabilities.” As part of that order, the new center was created to serve as a hub for developing advanced hacking technologies.
At least 90 cybersecurity specialists have been assigned to the facility, which is reportedly focusing less on passive intelligence gathering and more on active offensive cyber tactics, including AI-driven cyberattack tools, fraud operations, and cyber-enabled espionage.
The move reflects North Korea’s growing reliance on cybercrime as a critical tool to circumvent international sanctions and generate income through illicit means. Hacking has emerged as a state-sponsored revenue stream, particularly via cryptocurrency theft, ransomware, and business email compromise schemes.
Analysts also point to North Korea’s increasing use of AI and supply chain infiltration as part of its evolving tactics. Additionally, reports have revealed efforts by North Korean agents to pose as outsourced IT workers in foreign companies, embedding themselves into global infrastructure.
The establishment of Research Center 227 signals Pyongyang’s continued investment in next-generation cyber capabilities, raising concerns among cybersecurity experts about the intersection of artificial intelligence and hostile state actors.
