On August 13, 2025, the leak of nearly 9 GB of internal files from a North Korean cyber espionage unit highlighted a reality now familiar to the world’s major armies: cyber attacks are increasingly targeting military organizations directly, compromising not only their operations but also their deterrent credibility.
North Korea: a breach at the heart of offensive units
The hacking of an operator linked to the Kimsuky group, dubbed "APT Down – The North Korea Files", revealed phishing logs, Cobalt Strike loaders, and even the source code for South Korea’s official diplomatic messaging system. More than just a symbolic blow, the incident is forcing Pyongyang to rethink its methods while exposing the inner workings of one of its major intelligence arms.
US: a constant target for state actors
The US military has long been a priority target. Past intrusions—such as the 2015 hack of the Office of Personnel Management attributed to China, or repeated attacks against Pentagon contractors—show that cyber operations are aimed at both espionage and technology theft. The U.S. Cyber Command (USCYBERCOM) regularly warns that hostile actors are seeking to compromise logistics, command and control networks, and even satellite systems.

Russia and Ukraine: Cyber Warfare on the Battlefield
The war in Ukraine has turned cyberspace into a frontline weapon. Russia has deployed destructive malware (NotPetya, WhisperGate), while Ukraine and its allies have struck back at Russian military infrastructure and suppliers. Both armies are subject to persistent attempts to disrupt communications, logistics software, and drone command links—directly influencing the course of operations.
China: a long-term espionage strategy
The Chinese cyber military apparatus, often attributed to PLA Unit 61398 and associated groups, focuses on strategic espionage. Repeated campaigns against Western defense industries have targeted plans for the F-35 fighter jet, naval propulsion technologies, and missile defense systems. Rather than spectacular disruption, Beijing’s model favors the slow and cumulative extraction of sensitive military information.
Strategic impacts
The North Korean leak illustrates the broader consequences of cyber operations against armies:

• Operational disruption: loss of active tools and data interrupting ongoing campaigns.
• Exposure of methods: source code and malware archives provide unprecedented visibility to defenders.
• Psychological effect: adversaries realize that even the most secret units are vulnerable.
• Risk of escalation: ambiguity of attribution complicates proportionate response and increases the risk of strategic misunderstanding.
From Pyongyang to Washington, Moscow, Beijing, and Kyiv, cyber attacks against military units are no longer isolated incidents—they have become a defining feature of 21st-century conflicts. As armies become increasingly dependent on digital systems, their offensive and defensive cyber postures will shape not only tactical outcomes but also global strategic balances.