Organization:Bureau 121

From HandWiki
Short description: North Korean cyberwarfare agency

Bureau 121[4] is a North Korean cyberwarfare agency, and the main unit of the Reconnaissance General Bureau (RGB) of North Korea's military.[5][6][7][8] It conducts offensive cyber operations, including espionage and cyber-enabled finance crime.[6][5] According to American authorities, the RGB manages clandestine operations and has six bureaus.[9][10]

Cyber operations are thought to be a cost-effective way for North Korea to maintain an asymmetric military option, as well as a means to gather intelligence; its primary intelligence targets are South Korea, Japan, and the United States.[10]

History

Bureau 121 was created in 1998.[11]

Targets and methods

The activities of the agency came to public attention in December 2014 when Sony Pictures canceled the opening of its movie The Interview after its computers had been hacked.[12][13] Bureau 121 has been blamed for the cyber breach, but North Korea has rejected this accusation.[14]

Much of the agency's activity has been directed at South Korea .[7][10] Prior to the attack at Sony, North Korea was said to have attacked more than 30,000 PCs in South Korea affecting banks and broadcasting companies as well as the website of South Korean President Park Geun-hye.[7][10][15] North Korea has also been thought to have been responsible for infecting thousands of South Korean smartphones in 2013 with a malicious gaming application.[14] The attacks on South Korea were allegedly conducted by a group then called DarkSeoul Gang and estimated by the computer security company Symantec to have only 10 to 50 members with a "unique" ability to infiltrate websites.[7]

American authorities believe that North Korea has military offensive cyber operations capability and may have been responsible for malicious cyber activity since 2009.[10] As part of its sophisticated set-up, cells from Bureau 121 are believed to be operating around the world.[16][17][18] One of the suspected locations of a Bureau 121 cell is the Chilbosan Hotel in Shenyang, China.[11][19][5]

South Korea has also repeatedly blamed Bureau 121 for conducting GPS jamming aimed at South Korea. The most recent case of jamming occurred on 1 April 2016.

Structure

Bureau 121 consists of the following units as of 2019:[20]

  • Lab 110[21]
    • Office 98
    • Office 414
    • Office 35
  • Unit 180[22]
  • Unit 91
  • 128 Liaison Office
  • 413 Liaison Office

Staffing

Bureau 121 is the largest (more than 600 hackers) and most sophisticated unit in the RGB.[5][6][16] According to a report by Reuters , Bureau 121 is staffed by some of North Korea's most talented computer experts and is run by the Korean military.[7] A defector indicated that the agency has about 1,800 specialists. Many of the bureau's hackers are hand-picked graduates of the University of Automation, Pyongyang[7] and spend five years in training.[23] A 2021 estimate suggested that there may be over 6,000 members in Bureau 121, with many of them operating in other countries, such as Belarus, China, India, Malaysia, and Russia.[16]

While these specialists are scattered around the world, their families benefit from special privileges at home.[17]

Alleged operations

See also

References

  1. Pinkston, Daniel A. (2016). "Inter-Korean Rivalry in the Cyber Domain: The North Korean Cyber Threat in the "Sŏn'gun" Era". Georgetown Journal of International Affairs 17 (3): 67–68. ISSN 1526-0054. https://www.jstor.org/stable/26395976. 
  2. Park, Donghui (2019). "3.5 North Korea's Cyber Proxy Warfare Strategy" (PDF). North Korea's Cyber Proxy Warfare: Origins, Strategy, and Regional Security Dynamics (PhD). University of Washington. pp. 137–150.
  3. Gause, Ken E. (August 2015). "North Korea's Provocation and Escalation Calculus: Dealing with the Kim Jong-un Regime". CNA Analysis & Solutions. https://apps.dtic.mil/sti/pdfs/ADA621100.pdf. 
  4. AKA: Department/Office/Unit 121, Electronic Reconnaissance Department, or the Cyber Warfare Guidance Department[1][2][3]
  5. 5.0 5.1 5.2 5.3 "Strategic Primer: Cybersecurity". 2016. p. 11. https://www.afpc.org/uploads/documents/Cybersecurity%20Primer%20-%20March%202016%20(for%20web).pdf. 
  6. 6.0 6.1 6.2 Bartlett, Jason (2020). "Exposing the Financial Footprints of North Korea's Hackers". https://www.cnas.org/publications/reports/exposing-the-financial-footprints-of-north-koreas-hackers. 
  7. 7.0 7.1 7.2 7.3 7.4 7.5 Park, Ju-Min; Pearson, James (December 5, 2014). "In North Korea, hackers are a handpicked, pampered elite". Reuters. https://www.reuters.com/article/us-sony-cybersecurity-northkorea-idUSKCN0JJ08B20141205. 
  8. Gibbs, Samuel (December 2, 2014). "Did North Korea's notorious Unit 121 cyber army hack Sony Pictures?". The Guardian. https://www.theguardian.com/technology/2014/dec/02/north-korea-hack-sony-pictures-brad-pitt-fury. 
  9. John Pike. "North Korean Intelligence Agencies". Federation of American Scientists, Intelligence Resource Program. https://fas.org/irp/world/dprk/. 
  10. 10.0 10.1 10.2 10.3 10.4 United States Department of Defense. "Military and Security Developments Involving the Democratic People's Republic of Korea 2013". Federation of American Scientists. https://fas.org/irp/world/dprk/dod-2013.pdf. 
  11. 11.0 11.1 David E. Sanger, Martin Fackler (January 18, 2015). "N.S.A. Breached North Korean Networks Before Sony Attack, Officials Say". nytimes.com. https://www.nytimes.com/2015/01/19/world/asia/nsa-tapped-into-north-korean-networks-before-sony-attack-officials-say.html?_r=1. 
  12. Lang, Brett (17 December 2014). "Major U.S. Theaters Drop 'The Interview' After Sony Hacker Threats". https://variety.com/2014/film/news/major-u-s-theaters-drop-the-interview-after-sony-hacker-threats-1201381861/. 
  13. Brown, Pamela; Sciutto, Jim; Perez, Evan; Acosta, Jim; Bradner, Eric (December 18, 2014). "U.S. will respond to North Korea hack, official says". CNN. http://www.cnn.com/2014/12/18/politics/u-s-will-respond-to-north-korea-hack/. 
  14. 14.0 14.1 Cloherty, Jack (17 December 2014). "Sony Hack Believed to Be Routed Through Infected Computers Overseas". ABC News (US: Go). https://abcnews.go.com/Politics/sony-hack-believed-routed-infected-computers-overseas/story?id=27667840. 
  15. Sangwon Yoon, Shinyye Kang (June 25, 2013). "S. Korea Government, Media Sites Hacked Closed for Review". Bloomberg News. https://www.bloomberg.com/news/2013-06-25/s-korea-president-s-websites-closed-for-review.html. 
  16. 16.0 16.1 16.2 Healthcare Sector Cybersecurity Coordination Center, (HC3) (2021). "North Korean Cyber Activity". https://www.hhs.gov/sites/default/files/dprk-cyber-espionage.pdf. 
  17. 17.0 17.1 Sciutto, Jim (19 December 2014). "White House viewing Sony hack as national security threat". CNN (WWLP 22 News). http://wwlp.com/2014/12/19/white-house-viewing-sony-hack-as-national-security-threat/. 
  18. Tapper, Jake (18 December 2014). "Panel: Were North Korean "cyber soldiers" behind Sony hack?". The Lead with Jake Tapper. CNN.
  19. Daly, Michael (December 20, 2014). "Inside the 'Surprisingly Great' North Korean Hacker Hotel". The Daily Beast. http://www.thedailybeast.com/articles/2014/12/20/inside-the-surprisingly-great-north-korean-hacker-hotel.html. 
  20. Kong, Ji Young; Lim, Jong In; Kim, Kyoung Gon (2019). "The All-Purpose Sword: North Korea’s Cyber Operations and Strategies". 2019 11th International Conference on Cyber Conflict. Tallin, Estonia: NATO. doi:10.23919/CYCON.2019.8756954. https://ccdcoe.org/uploads/2019/06/Art_08_The-All-Purpose-Sword.pdf. 
  21. "The Organization of Cyber Operations in North Korea". https://csis-prod.s3.amazonaws.com/s3fs-public/legacy_files/files/publication/141218_Cyber_Operations_North_Korea.pdf. 
  22. Park, Ju-min; Pearson, James. "Exclusive: North Korea's Unit 180, the cyber warfare cell that worries the West". Reuters. https://www.reuters.com/article/us-cyber-northkorea-exclusive-idUSKCN18H020. 
  23. Waterhouse, James; Doble, Anna (2015-05-19). "Bureau 121: North Korea's elite hackers and a 'tasteful' hotel in China" (in en-GB). BBC News. http://www.bbc.co.uk/newsbeat/article/32926248/bureau-121-north-koreas-elite-hackers-and-a-tasteful-hotel-in-china.