Posted on August 18, 2020 at 5:08 PM
The US Army revealed that many North Korean hackers are operating from outside the hermit kingdom, in countries such as Russia, Malaysia, India, China, and Belarus.
The report also states that North Korea has about 6,000 electronic warfare specialists and hackers working in its ranks.
The report is a tactical manual the US Army utilizes to offer training to military leaders and troops on the activities of their foes. The US Army made the report public last month for the first time.
The 332-page report has a massive trove of information about the Korean People’s Army (KPA), including the army’s electronic warfare capabilities, logistics, troop types, leadership structure, weapons arsenal, as well as military tactics.
Although most parts of the report deal with common military tactics and capabilities, it also reveals some things about North Korea-backed hacking groups.
The report reveals that most cyberspace warfare and electronic warfare operations take place within the Cyber Warfare Guidance unit, which is generally known as Bureau 121.
This assessment is not too different from previous reports from the cybersecurity and intelligence communities, which likewise linked the North Korean hackers to Bureau 121. It is part of North Korea’s intelligence agency, which is also part of its National Intelligence Commission.
North Korean group has grown to 6,000
The US Army revealed that North Korea’s expansion of its cyberspace activities has led to the exponential growth of Bureau 121.
According to the report, Bureau 121 comprised about 1,000 members in 2010. However, 10 years later, it has grown to more than 6,000 members, which is evidence of increased and expansive cyber activity.
In line with this figure, the South Korean Defense Ministry reported that North Korea was controlling a cyber warfare group with 3,000 members in 2013. But in 2015, the number almost doubled to 6,000. This means that the present number may be way more than 6,000, as the U.S. Army has noted that its data is not completely accurate.
Additionally, the new US Army report also revealed that the Bureau 121 has different operational segments.
The report says Bureau 121 is made up of four main sub-divisions, with one dedicated to electronic warfare while the other three are channeled to cyber-warfare.
The cyber-security community calls the first sub-division the Andariel group. It is classed as an advanced persistent threat (APT), a term used to describe hacking groups backed by national government sponsors.
According to the report by the Army officials, the Andariel group is made up of 1,600 members whose main job is to gather information. They do this by carrying out reconnaissance on enemy computer systems and generating an initial assessment of the vulnerability of the network.
“This group maps the enemy network for a potential attack,” US Army officials revealed.
The cyber-security community calls the second Bureau 121 sub-division the Bluenoroff Group. According to the U.S. Army, this second APT group has about 1,700 hackers with the mission of carrying out financial cybercrime. They use long-term assessments to exploit the vulnerabilities of an enemy network.
The third subdivision is the most popular group, which is known to the cyber-security community as the Lazarus Group. The name is commonly used to describe any type of hacking activity orchestrated by North Korean-backed groups.
The U.S. Army officials said they are not sure how many members are part of the Lazarus group. However, the sub-group plays an important role in Bureau 121, as its role is to deliver a payload and cause social chaos within a vulnerable network.
They do this to find vital information and generate funds through ransomware for North Korea’s nuclear weapons program.
Electronic warfare is the last sub-group of the Bureau 121 division. It contains three military battalions that are responsible for jamming electronic equipment. This group is a complete military unit operating out of military bases in Kungang, Haeja, and Kaesong.
The latest revelation shows that the group is loosely organized, as many of its members have their operational base outside North Korea. These bases include Russia, Malaysia, India, China, and Belarus.
However, the U.S. Army report does not reveal the reasons why the North Korean government allows its military hackers to travel abroad.