A recently released report by the U.S. Department of the Army claims that North Korea may have over 6,000 hackers working on behalf of the Kim Jong Un regime around the globe.
According to the North Korean edition of the U.S. Army Techniques Publication (ATP), these cybercriminals have been operating from several countries, including Belarus, China, India, Malaysia, and Russia. The report is believed to have been created to determine what the U.S. should expect from the highly secretive North Korea and the DPRK's army in the event of any active conflict.
The North Korean Tactics
The manual, which is over 300 pages long, names Bureau 121 as the "primary organization responsible for computer warfare" inside Kim Jong Un's North Korea. According to some North Korean defectors, this sophisticated cyber-warfare cell, which includes some of the most talented computer experts in the country, is part of the General Bureau of Reconnaissance, an elite spy agency run by the military.
According to the manual, Bureau 121 controlled at least 1,000 elite hackers in 2010 who focused on other countries' computer systems, while in 2009 the cyber-warfare unit was fed by North Korea's Mirim College at the rate of almost 100 cyberspace hackers per year.
Apart from the elite group, Bureau 121 has over 6,000 members, many of them operating from other countries, such as China, India, Malaysia, Belarus, and Russia. The manual also says "North Korean computer hackers have even been able to access secure systems and steal South Korean war plans." There are four subordinate units below Bureau 121: the Andariel Group, the Bluenoroff Group, the Electronic Warfare Jamming Regiment, and the Lazarus Group.
The North Korean Hackers
The Andariel Group has 1,600 members and aims to "gather information by conducting reconnaissance on enemy computer systems," while the Bluenoroff Group, with 1,700 members, conducts "financial cybercrime." The Electronic Warfare Jamming Regiment is located in North Korea's capital, Pyongyang. The infamous Lazarus Group's mission is to create social chaos.
According to the report, the electronic intelligence warfare (EIW) hackers may be used for information attacks against U.S. systems during hostilities, and this may involve "altering data, stealing data, or forcing a system to perform a function for which it was not intended, such as creating false information in a targeting or airspace control system."
The manual also states that data manipulation is possibly one of the "most dangerous techniques available to North Korea." Examples include interfering with navigation systems, as well as tampering with position data belonging to enemy and friendly units, weapons guidance systems, targeting systems or timing systems. It adds that "any Internet capable or networkable system is at potential risk."
The author of the manual ATP 7-100.2, David Pendleton, said in a recent podcast that these tactics are a small part of the larger strategy to capture Seoul. He said, "[They want to] make it sort of like with what the Russians did with Crimea," and "when, you know, Crimea was taken over and 'Boom, it's all over,'" but the international community decided not to interfere in this matter.
Pendleton said that within the past three months, "the North Koreans have set out a goal to recruit even more computer hackers from their universities, so they're putting more emphasis on that."