North Korea’s Reconnaissance General Bureau (RGB) is in charge of both traditional and cyber operations, and is known for sending agents abroad for training in cyber warfare. The RGB reportedly oversees six bureaus that specialize in operations, reconnaissance, technology and cyber matters, two of which have been identified as the No. 91 Office and Unit 121. Both of these bureaus conduct intelligence operations and are based in China.
The RGB also reportedly oversees state-run espionage businesses located in 30 to 40 countries, often hosted in unsuspecting places such as cafes. Members of this espionage network reportedly “send more than $100 million in cash per year to the regime and provide cover for spies,” the report says.
In addition, the country’s Worker’s Party oversees a faction of ethnic North Koreans living in Japan. Established in 1955, the group – dubbed the Chosen Soren – refuses to assimilate into Japanese culture and lives in the country in order to covertly raise funds via weapons trafficking, drug trafficking and other black market activities. The group also gathers intelligence for the country and attempts to procure advanced technologies.
Despite ageing infrastructure and power supply problems, North Korea reportedly was able to gain access to 33 of 80 South Korean military wireless communication networks in 2004, and an attack on the US State Department believed to be approved by North Korean officials coincided with US-North Korea talks over nuclear missile testing in the same time period. In addition, a month later, South Korea claimed that Unit 121 was responsible for hacking into South Korean and US defense department networks.
North Korea also tested a logic bomb in 2007 – malicious code programmed to execute based on a pre-defined triggering event – which led to a UN sanction banning the sale of particular hardware to the country.
According to the report, the regime regularly exploits computer games in order to gain financially and orchestrate cyberattacks. In 2011, South Korean law enforcement arrested five men for allegedly collaborating with North Korea to steal money via online games, specifically the massively multiplayer online role-playing game (MMORPG) “Lineage.” The games were believed to act as conduits for North Korea to infect PCs and launch distributed denial of service (DDoS) attacks against its southern neighbor.
However, it is worth noting that North Korea’s DDoS capabilities are lacking as there are few outgoing connections due to heavy censorship and Internet restriction. This is why researchers believe the country uses the networks of other nations and botnets instead.
The full HP report is available here (.PDF). The analysis is based on open source intelligence gathered by HP’s security team.