Bureau 121[4] is a North Korean cyberwarfare agency, and the main unit of the Reconnaissance General Bureau of North Korea's military.[5][6][7][8] It conducts offensive cyber operations, including espionage and cyber-enabled finance crime.[6][5] According to American authorities, the RGB manages clandestine operations and has six bureaus.[9][10]
Cyber operations are thought to be a cost-effective way for North Korea to maintain an asymmetric military option, as well as a means to gather intelligence; its primary intelligence targets are South Korea, Japan, and the United States.[10]
History
Bureau 121 was created in 1998.[11]
Targets and methods
The activities of the agency came to public attention in December 2014 when Sony Pictures canceled the opening of its movie The Interview after its computers had been hacked.[12][13] Bureau 121 has been blamed for the cyber breach, but North Korea has rejected this accusation.[14]
Much of the agency's activity has been directed at South Korea.[7][10] Prior to the attack at Sony, North Korea was said to have attacked more than 30,000 PCs in South Korea affecting banks and broadcasting companies as well as the website of South Korean President Park Geun-hye.[7][10][15] North Korea has also been thought to have been responsible for infecting thousands of South Korean smartphones in 2013 with a malicious gaming application.[14] The attacks on South Korea were allegedly conducted by a group then called DarkSeoul Gang and estimated by the computer security company Symantec to have only 10 to 50 members with a "unique" ability to infiltrate websites.[7]
American authorities believe that North Korea has military offensive cyber operations capability and may have been responsible for malicious cyber activity since 2009.[10] As part of its sophisticated set-up, cells from Bureau 121 are believed to be operating around the world.[16][17][18] One of the suspected locations of a Bureau 121 cell is the Chilbosan Hotel in Shenyang, China.[11][19][5]
South Korea has also repeatedly blamed Bureau 121 for conducting GPS jamming aimed at South Korea. The most recent case of jamming occurred on 1 April 2016.
Structure
Bureau 121 consists of the following units as of 2019:[20]
- Lab 110[21]
- Office 98
- Office 414
- Office 35
- Unit 180[22]
- Unit 91
- 128 Liaison Office
- 413 Liaison Office
Staffing
Bureau 121 is the largest (more than 600 hackers) and most sophisticated unit in the RGB.[5][6][16] According to a report by Reuters, Bureau 121 is staffed by some of North Korea's most talented computer experts and is run by the Korean military.[7] A defector indicated that the agency has about 1,800 specialists. Many of the bureau's hackers are hand-picked graduates of the University of Automation, Pyongyang[7] and spend five years in training.[23] A 2021 estimate suggested that there may be over 6,000 members in Bureau 121, with many of them operating in other countries, such as Belarus, China, India, Malaysia, and Russia.[16]
While these specialists are scattered around the world, their families benefit from special privileges at home.[17]
Alleged operations
- 2013 South Korea cyberattack
- November 2014 Sony Pictures hack
- February 2016 Bangladesh Bank robbery
- 2015–2016 SWIFT banking hack
- May 2017 WannaCry ransomware attack
See also
- Tailored Access Operations, USA
- PLA Unit 61398, China
- Lazarus Group
References
- ↑ Pinkston, Daniel A. (2016). "Inter-Korean Rivalry in the Cyber Domain: The North Korean Cyber Threat in the "Sŏn'gun" Era". Georgetown Journal of International Affairs. 17 (3): 67–68. ISSN 1526-0054. JSTOR 26395976.
- ↑ Park, Donghui (2019). "3.5 North Korea's Cyber Proxy Warfare Strategy" (PDF). North Korea's Cyber Proxy Warfare: Origins, Strategy, and Regional Security Dynamics (PhD). University of Washington. pp. 137–150.
- ↑ Gause, Ken E. (August 2015). "North Korea's Provocation and Escalation Calculus: Dealing with the Kim Jong-un Regime" (PDF). Defense Technical Information Center. CNA Analysis & Solutions. Archived (PDF) from the original on March 6, 2021.
- ↑ AKA: Department/Office/Unit 121, Electronic Reconnaissance Department, or the Cyber Warfare Guidance Department[1][2][3]
- 1 2 3 4 "Strategic Primer: Cybersecurity" (PDF). American Foreign Policy Council. 2016. p. 11.
- 1 2 3 Bartlett, Jason (2020). "Exposing the Financial Footprints of North Korea's Hackers". Center for a New American Security.
- 1 2 3 4 5 6 Park, Ju-Min; Pearson, James (December 5, 2014). "In North Korea, hackers are a handpicked, pampered elite". Reuters. Archived from the original on December 19, 2014. Retrieved December 18, 2014.
- ↑ Gibbs, Samuel (December 2, 2014). "Did North Korea's notorious Unit 121 cyber army hack Sony Pictures?". The Guardian. Retrieved January 20, 2015.
- ↑ John Pike. "North Korean Intelligence Agencies". Federation of American Scientists, Intelligence Resource Program. Retrieved January 20, 2015.
- 1 2 3 4 5 United States Department of Defense. "Military and Security Developments Involving the Democratic People's Republic of Korea 2013" (PDF). Federation of American Scientists. Retrieved January 20, 2015.
- 1 2 David E. Sanger, Martin Fackler (January 18, 2015). "N.S.A. Breached North Korean Networks Before Sony Attack, Officials Say". nytimes.com. Retrieved January 20, 2015.
- ↑ Lang, Brett (17 December 2014). "Major U.S. Theaters Drop 'The Interview' After Sony Hacker Threats". Variety. Retrieved December 17, 2014.
- ↑ Brown, Pamela; Sciutto, Jim; Perez, Evan; Acosta, Jim; Bradner, Eric (December 18, 2014). "U.S. will respond to North Korea hack, official says". CNN. Retrieved December 18, 2014.
- 1 2 Cloherty, Jack (17 December 2014). "Sony Hack Believed to Be Routed Through Infected Computers Overseas". ABC News. US: Go.
- ↑ Sangwon Yoon, Shinyye Kang (June 25, 2013). "S. Korea Government, Media Sites Hacked Closed for Review". Bloomberg. Retrieved December 20, 2014.
- 1 2 3 Healthcare Sector Cybersecurity Coordination Center, (HC3) (2021). "North Korean Cyber Activity" (PDF). U.S. Department of Health & Human Services.
{{cite web}}
: CS1 maint: numeric names: authors list (link) - 1 2 Sciutto, Jim (19 December 2014). "White House viewing Sony hack as national security threat". CNN. WWLP 22 News. Archived from the original on 2014-12-19.
- ↑ Tapper, Jake (18 December 2014). "Panel: Were North Korean "cyber soldiers" behind Sony hack?". The Lead with Jake Tapper. CNN.
- ↑ Daly, Michael (December 20, 2014). "Inside the 'Surprisingly Great' North Korean Hacker Hotel". The Daily Beast. Retrieved 25 December 2014.
- ↑ https://ccdcoe.org/uploads/2019/06/Art_08_The-All-Purpose-Sword.pdf
- ↑ "The Organization of Cyber Operations in North Korea" (PDF). Center for Strategic and International Studies (CSIS). Archived from the original (PDF) on 2019-06-30. Retrieved 2020-06-28.
- ↑ Park, Ju-min; Pearson, James. Gopalakrishnan, Raju (ed.). "Exclusive: North Korea's Unit 180, the cyber warfare cell that worries the West". Reuters. Archived from the original on May 21, 2017.
- ↑ Waterhouse, James; Doble, Anna (2015-05-19). "Bureau 121: North Korea's elite hackers and a 'tasteful' hotel in China". BBC News. Retrieved 2017-04-27.