US Army: North Korean hackers operate from other countries

Η North Korea has at least 6.000 hackers and cyber warfare experts. According to a report published by army of USA, many of the North Korean hackers operate from other countries such as Belarus, China, India, Malaysia and Russia.

The report, called "North Korean TacticsIs essentially a handbook used by the US military to train troops and military leaders. The Army first published this handbook last month.

The 332-page report contains a "treasure trove" of information about him Korean People's Army (KPA), such as data on military tactics, arsenal, leadership structure, troop types, logistics and cyber warfare capabilities.

US Army: The Bureau 121 has at least 6.000 members

Most of the report deals with classic military tactics and capabilities, but also refers to some secret hacking North Korean units.

"Most EW [electronic warfare] operations take place inside the unit Cyber ​​Warfare Guidance Unit, better known as 121 Bureau", Said the US military.

Previous reports from information communities and security have also linked all North Korean hackers to Bureau 121. Bureau 121 is part of the Reconnaissance General Bureau, a North Korean intelligence service that is part of the National Defense Committee.

The U.S. military says Bureau 121 has grown significantly in recent years as North Korea expands its cyber activities.

According to the report, the hackers associated with Bureau 121 were approximately 1.000 in 2010 and now there are more than 6.000.

That number is in line with data released by the South Korean Ministry of Defense, which said North Korea had 3.000 cybercriminals in 2013, a number that later doubled.

However, The U.S. military believes the number 6.000 is not entirely accurate.

"It simply came to our notice then probably much larger "Now: since 2009, about 100 hackers a year have graduated from North Korea's Mirim College for the KPA (military)," the U.S. military said.

Information about them North Korean hackers

U.S. military officials say Bureau 121 is divided into four sections.

The first part is what security experts call it Andariel Group, an APT team (code name used to describe hacking government-funded groups).

The U.S. military claims that Andariel Group has about 1.600 members "Whose mission is to gather information from enemy computer systems by assessing network vulnerabilities."

"This team maps the enemy network for a possible attackUS military officials said.

The second section of Bureau 121 is called Bluenoroff Group. The U.S. military says this APT has about 1.700 hackers Whose mission is to conducting financial crimes in cyberspace by assessing and exploiting the vulnerabilities of the enemy network ”.

The third part is the well-known group Lazarus Group. This group is inextricably linked to North Korea.

The number of hackers involved in the Lazarus Group is unknown, but this group is usually the one North Korean vulnerabilities of the enemy and distributing maliciously payloads, if instructed by the regime ”.

The fourth and final section of Bureau 121 is Electronic Warfare Jamming Regiment, which consists of three military battalions. This last section is a classic military unit with specific bases.

Many North Korean hackers operate from abroad

However, the US military says that the first three sections are more relaxed in organization. Many of their members travel and do their work from abroad, in countries such as Belarus, the China, India, Malaysia, and Russia.

Older reports have revealed that Pyongyang's regime allows hackers to work from abroad to set up companies that serve as cover for building server infrastructure abroad, as well as for money laundering.

In September 2019, the US Treasury Department imposed sanctions on some of these companies, alleging that they were involved in hacking Bureau 121 teams. The aim was to steal funds to support programs related to weapons and missiles of North Korea.

However, while the US Army report acknowledges that North Korean hackers have been involved in financial crimes in the cyberspace, army officials go even further and describe the entire North Korean government as a criminal network, with Kim's regime involved in a wide range of activities including drug trafficking, trafficking and many cybercrimes.