Bureau 121
Bureau 121 is a North Korean cyberwarfare agency, which is part of the Reconnaissance General Bureau of North Korea's military.[1][2] According to American authorities, the RGB manages clandestine operations and has six bureaus.[3][4]
Cyber operations are thought to be a cost-effective way for North Korea to maintain an asymmetric military option, as well as a means to gather intelligence; its primary intelligence targets are South Korea, Japan, and the United States.[4] Bureau 121 was created in 1998.[5]
Staffing
According to a report by Reuters, Bureau 121 is staffed by some of North Korea's most talented computer experts and is run by the Korean military.[1] A defector indicated that the agency has about 1,800 specialists. Many of the bureau's hackers are hand-picked graduates of the University of Automation, Pyongyang[1] and spend five years in training.[6] While these specialists are scattered around the world, their families benefit from special privileges at home.[7]
Targets and methods
The activities of the agency came to public attention in December 2014 when Sony Pictures canceled the opening of its movie The Interview after its computers had been hacked.[8][9] Bureau 121 has been blamed for the cyber breach, but North Korea has rejected this accusation.[10]
Much of the agency's activity has been directed at South Korea.[1][4] Prior to the attack at Sony, North Korea was said to have attacked more than 30,000 PCs in South Korea affecting banks and broadcasting companies as well as the website of South Korean President Park Geun-hye[1][4][11] North Korea has also been thought to have been responsible for infecting thousands of South Korean smartphones in 2013 with a malicious gaming application.[10] The attacks on South Korea were allegedly conducted by a group then called DarkSeoul Gang and estimated by the computer security company Symantec to have only 10 to 50 members with a "unique" ability to infiltrate websites.[1]
American authorities believe that North Korea has military offensive cyber operations capability and may have been responsible for malicious cyber activity since 2009.[4] As part of its sophisticated set-up, cells from Bureau 121 are believed to be operating around the world.[7][12] One of the suspected locations of a Bureau 121 cell is the Chilbosan Hotel in Shenyang, China.[5][13]
South Korea has also repeatedly blamed Bureau 121 for conducting GPS jamming aimed at South Korea. The most recent case of jamming occurred on 1 April 2016.
Structure
Bureau 121 consists of the following units as of 2019:[14]
- Lab 110[15]
- Office 98
- Office 414
- Office 35
- Unit 180[16]
- Unit 91
- 128 Liaison Office
- 413 Liaison Office
Alleged operations
- 2013 South Korea cyberattack
- November 2014 Sony Pictures hack
- February 2016 Bangladesh Bank robbery
- 2015–2016 SWIFT banking hack
- May 2017 WannaCry ransomware attack
See also
- Tailored Access Operations, USA
- PLA Unit 61398, China
- Lazarus Group
References
- ^ a b c d e f Park, Ju-Min; Pearson, James (December 5, 2014). "In North Korea, hackers are a handpicked, pampered elite". Reuters. Retrieved December 18, 2014.
- ^ Gibbs, Samuel (December 2, 2014). "Did North Korea's notorious Unit 121 cyber army hack Sony Pictures?". The Guardian. Retrieved January 20, 2015.
- ^ John Pike. "North Korean Intelligence Agencies". Federation of American Scientists, Intelligence Resource Program. Retrieved January 20, 2015.
- ^ a b c d e United States Department of Defense. "Military and Security Developments Involving the Democratic People's Republic of Korea 2013" (PDF). Federation of American Scientists. Retrieved January 20, 2015.
- ^ a b David E. Sanger, Martin Fackler (January 18, 2015). "N.S.A. Breached North Korean Networks Before Sony Attack, Officials Say". nytimes.com. Retrieved January 20, 2015.
- ^ Waterhouse, James; Doble, Anna (2015-05-19). "Bureau 121: North Korea's elite hackers and a 'tasteful' hotel in China". BBC News. Retrieved 2017-04-27.
- ^ a b Sciutto, Jim (19 December 2014). "White House viewing Sony hack as national security threat". CNN. WWLP 22 News. Archived from the original on 2014-12-19.
- ^ Lang, Brett. "Major U.S. Theaters Drop 'The Interview' After Sony Hacker Threats". Variety. Retrieved December 17, 2014.
- ^ Brown, Pamela; Sciutto, Jim; Perez, Evan; Acosta, Jim; Bradner, Eric (December 18, 2014). "U.S. will respond to North Korea hack, official says". CNN. Retrieved December 18, 2014.
- ^ a b Cloherty, Jack (17 December 2014). "Sony Hack Believed to Be Routed Through Infected Computers Overseas". ABC News. US: Go.
- ^ Sangwon Yoon, Shinyye Kang (June 25, 2013). "S. Korea Government, Media Sites Hacked Closed for Review". Bloomberg. Retrieved December 20, 2014.
- ^ Tapper, Jake (18 December 2014). "Panel: Were North Korean "cyber soldiers" behind Sony hack?". The Lead with Jake Tapper. CNN.
- ^ Daly, Michael (December 20, 2014). "Inside the 'Surprisingly Great' North Korean Hacker Hotel". The Daily Beast. Retrieved 25 December 2014.
- ^ https://ccdcoe.org/uploads/2019/06/Art_08_The-All-Purpose-Sword.pdf
- ^ "The Organization of Cyber Operations in North Korea" (PDF). Center for Strategic and International Studies (CSIS).
- ^ Park, Ju-min; Pearson, James. Gopalakrishnan, Raju (ed.). "Exclusive: North Korea's Unit 180, the cyber warfare cell that worries the West". Reuters. Archived from the original on May 21, 2017.