Content deleted Content added
m Added Archive URLs to citations with dead URL |
No edit summary |
||
(39 intermediate revisions by 24 users not shown) | |||
Line 1:
{{Short description|North Korean cyberwarfare agency}}
'''Bureau 121'''{{refn|AKA: Department/Office/Unit 121, Electronic Reconnaissance Department, or the Cyber Warfare Guidance Department<ref name="Pinkston2016">
https://fas.org/irp/world/dprk/dod-2013.pdf |author=[[United States Department of Defense]]| title=Military and Security Developments Involving the Democratic People's Republic of Korea 2013|publisher=Federation of American Scientists| date= |accessdate=January 20, 2015}}</ref> Cyber operations are thought to be a cost-effective way for North Korea to maintain an asymmetric military option, as well as a means to gather intelligence; its primary intelligence targets are South Korea, Japan, and the United States.<ref name=arc/> Bureau 121 was created in 1998.<ref name=nyt1/>▼
{{cite journal |last1=Pinkston |first1=Daniel A. |title=Inter-Korean Rivalry in the Cyber Domain: The North Korean Cyber Threat in the "Sŏn'gun" Era |journal=Georgetown Journal of International Affairs |date=2016 |volume=17 |issue=3 |pages=67–68 |jstor=26395976 |url=https://www.jstor.org/stable/26395976 |issn=1526-0054}}
</ref><ref name="Park2019">
{{cite thesis |last=Park |first=Donghui |date=2019 |title=North Korea's Cyber Proxy Warfare: Origins, Strategy, and Regional Security Dynamics |type=PhD |chapter=3.5 North Korea’s Cyber Proxy Warfare Strategy |pages=137–150 |publisher=University of Washington |chapter-url=https://digital.lib.washington.edu/researchworks/bitstream/handle/1773/43956/Park_washington_0250E_20149.pdf}}
</ref><ref name="Gause2015">
{{cite web |last1=Gause |first1=Ken E. |title=North Korea's Provocation and Escalation Calculus: Dealing with the Kim Jong-un Regime |url=https://apps.dtic.mil/sti/pdfs/ADA621100.pdf |archive-url=https://web.archive.org/web/20210306123410/https://apps.dtic.mil/sti/pdfs/ADA621100.pdf |url-status=live |archive-date=March 6, 2021 |website=Defense Technical Information Center |publisher=CNA Analysis & Solutions |date=August 2015}}
</ref>}} is a [[North Korea]]n [[cyberwarfare]] agency, and the main unit of the [[Reconnaissance General Bureau]] (RGB) of North Korea's [[Military of North Korea|military]].<ref name="AFPC2016">
{{cite web|title=Strategic Primer: Cybersecurity |url=https://www.afpc.org/uploads/documents/Cybersecurity%20Primer%20-%20March%202016%20(for%20web).pdf |website=American Foreign Policy Council |page=11 |date=2016}}
</ref><ref name="Bartlett2020">{{cite web |last1=Bartlett |first1=Jason |title=Exposing the Financial Footprints of North Korea's Hackers |url=https://www.cnas.org/publications/reports/exposing-the-financial-footprints-of-north-koreas-hackers |website=Center for a New American Security |date=2020}}
</ref><ref name = reuters>
{{cite web | url=https://www.reuters.com/article/us-sony-cybersecurity-northkorea-idUSKCN0JJ08B20141205 | first1= Ju-Min | last1= Park | first2= James | last2= Pearson | title= In North Korea, hackers are a handpicked, pampered elite | publisher= [[Reuters]] | date= December 5, 2014 | access-date= December 18, 2014 | archive-date= December 19, 2014 | archive-url= https://web.archive.org/web/20141219023843/http://www.reuters.com/article/2014/12/05/us-sony-cybersecurity-northkorea-idUSKCN0JJ08B20141205 | url-status= live }}
</ref><ref name=guardian>
{{cite web|last1=Gibbs|first1=Samuel|title=Did North Korea's notorious Unit 121 cyber army hack Sony Pictures?|url=https://www.theguardian.com/technology/2014/dec/02/north-korea-hack-sony-pictures-brad-pitt-fury|work=[[The Guardian]]|date = December 2, 2014 |access-date=January 20, 2015}}</ref> It conducts offensive cyber operations, including espionage and cyber-enabled finance crime.<ref name="Bartlett2020"/><ref name="AFPC2016"/> According to American authorities, the RGB manages [[clandestine operation]]s and has six bureaus.<ref>{{cite web| url=https://fas.org/irp/world/dprk/ | author=John Pike|title=North Korean Intelligence Agencies| publisher=Federation of American Scientists, Intelligence Resource Program |access-date=January 20, 2015}}</ref><ref name=arc>{{cite web| url=https://fas.org/irp/world/dprk/dod-2013.pdf |author=United States Department of Defense |author-link=United States Department of Defense | title=Military and Security Developments Involving the Democratic People's Republic of Korea 2013|publisher=Federation of American Scientists|access-date=January 20, 2015}}</ref>
▲
==
Bureau 121 was created in 1998.<ref name=nyt1/>
According to a report by [[Reuters]], Bureau 121 is staffed by some of North Korea's most talented computer experts and is run by the Korean military.<ref name=reuters/> A defector indicated that the agency has about 1,800 specialists. Many of the bureau's [[Hacker (computer security)|hacker]]s are hand-picked graduates of the University of Automation, [[Pyongyang]]<ref name =reuters/> and spend five years in training.<ref>{{Cite news|url=http://www.bbc.co.uk/newsbeat/article/32926248/bureau-121-north-koreas-elite-hackers-and-a-tasteful-hotel-in-china|title=Bureau 121: North Korea's elite hackers and a 'tasteful' hotel in China|last=Waterhouse|first=James|date=2015-05-19|work=BBC News|access-date=2017-04-27|archive-url=|archive-date=|dead-url=|last2=Doble|first2=Anna|language=en-GB}}</ref> While these specialists are scattered around the world, their families benefit from special privileges at home.<ref name="wh">{{cite news|url=http://wwlp.com/2014/12/19/white-house-viewing-sony-hack-as-national-security-threat/|title=White House viewing Sony hack as national security threat|last=Sciutto|first=Jim|date=19 December 2014|work=CNN|access-date=|archive-url=https://web.archive.org/web/20141219121315/http://wwlp.com/2014/12/19/white-house-viewing-sony-hack-as-national-security-threat/|archive-date=2014-12-19|dead-url=yes|publisher=WWLP 22 News}}</ref>▼
==Targets and methods==
The activities of the agency came to public attention in December 2014 when [[Sony Pictures]] canceled the opening of its movie ''[[The Interview]]'' after its computers [[Sony Pictures Entertainment hack|had been hacked]].<ref name= variety-interviewdropped>{{cite web|title=Major U.S. Theaters Drop 'The Interview' After Sony Hacker Threats|url= https://variety.com/2014/film/news/major-u-s-theaters-drop-the-interview-after-sony-hacker-threats-1201381861/ |website= Variety |
Much of the agency's activity has been directed at [[South Korea]].<ref name = reuters /><ref name=arc/> Prior to the attack at Sony, North Korea was said to have attacked more than 30,000 PCs in South Korea affecting banks and broadcasting companies as well as the website of South Korean President [[Park Geun-
American authorities believe that North Korea has military offensive cyber operations capability and may have been responsible for malicious cyber activity since 2009.<ref name=arc/> As part of its sophisticated set-up, cells from Bureau 121 are believed to be operating around the world.<ref name="HHS2021">{{cite web |last=Healthcare Sector Cybersecurity Coordination Center |first=(HC3) |title=North Korean Cyber Activity |url=https://www.hhs.gov/sites/default/files/dprk-cyber-espionage.pdf |website=U.S. Department of Health & Human Services |date=2021}}</ref><ref name=wh/><ref>{{cite episode | series = [[The Lead with Jake Tapper]] | first = Jake | last = Tapper | network = CNN | airdate = 18 December 2014 | url = http://thelead.blogs.cnn.com/2014/12/18/panel-is-north-korea-waging-a-cyberwar | title = Panel: Were North Korean "cyber soldiers" behind Sony hack? | access-date = 21 January 2015 | archive-date = 26 March 2021 | archive-url = https://web.archive.org/web/20210326012906/https://thelead.blogs.cnn.com/2014/12/18/panel-is-north-korea-waging-a-cyberwar/ | url-status = dead }}</ref> One of the suspected locations of a Bureau 121 cell is the Chilbosan Hotel in [[Shenyang]], China.<ref name=nyt1>{{Cite web |url=https://www.nytimes.com/2015/01/19/world/asia/nsa-tapped-into-north-korean-networks-before-sony-attack-officials-say.html?_r=1 |author=David E. Sanger, Martin Fackler|
title=N.S.A. Breached North Korean Networks Before Sony Attack, Officials Say |
South Korea has also repeatedly blamed Bureau 121 for conducting GPS jamming aimed at South Korea. The most recent case of jamming occurred on 1 April 2016.
==Structure==
Bureau 121 consists of the following units as of 2019:<ref>{{cite conference |url=https://ccdcoe.org/uploads/2019/06/Art_08_The-All-Purpose-Sword.pdf |title=The All-Purpose Sword: North Korea's Cyber Operations and Strategies |last1=Kong |first1=Ji Young |last2=Lim |first2=Jong In |last3=Kim |first3=Kyoung Gon |date=2019 |conference=2019 11th International Conference on Cyber Conflict |publisher=NATO |location=Tallinn, Estonia |doi=10.23919/CYCON.2019.8756954}}</ref>
* [[Lab 110]]<ref name=":2">{{Cite web|url=https://csis-prod.s3.amazonaws.com/s3fs-public/legacy_files/files/publication/141218_Cyber_Operations_North_Korea.pdf|title=The Organization of Cyber Operations in North Korea|website=Center for Strategic and International Studies (CSIS)|access-date=2020-06-28|archive-date=2019-06-30|archive-url=https://web.archive.org/web/20190630205539/https://csis-prod.s3.amazonaws.com/s3fs-public/legacy_files/files/publication/141218_Cyber_Operations_North_Korea.pdf|url-status=dead}}</ref>
** Office 98
** Office 414
** Office 35
* [[Unit 180]]<ref name="Reuters">{{cite news |url=https://www.reuters.com/article/us-cyber-northkorea-exclusive-idUSKCN18H020 |title=Exclusive: North Korea's Unit 180, the cyber warfare cell that worries the West |first1=Ju-min |last1=Park |first2=James |last2=Pearson |publisher=[[Reuters]] |editor-first=Raju |editor-last=Gopalakrishnan |archive-url=https://web.archive.org/web/20170521121302/https://www.reuters.com/article/us-cyber-northkorea-exclusive-idUSKCN18H020 |archive-date=May 21, 2017}}</ref>
* Unit 91
* 128 Liaison Office
* 413 Liaison Office
===Staffing===
▲Bureau 121 is the largest (more than 600 hackers) and most sophisticated unit in the RGB.<ref name="AFPC2016"/><ref name="Bartlett2020"/><ref name="HHS2021"/> According to a report by [[Reuters]], Bureau 121 is staffed by some of North Korea's most talented computer experts and is run by the Korean military.<ref name=reuters/> A defector indicated that the agency has about 1,800 specialists. Many of the bureau's [[Hacker (computer security)|hacker]]s are hand-picked graduates of the University of Automation, [[Pyongyang]]<ref name =reuters/> and spend five years in training.<ref>{{Cite news|url=http://www.bbc.co.uk/newsbeat/article/32926248/bureau-121-north-koreas-elite-hackers-and-a-tasteful-hotel-in-china|title=Bureau 121: North Korea's elite hackers and a 'tasteful' hotel in China|
While these specialists are scattered around the world, their families benefit from special privileges at home.<ref name="wh">{{cite news|url=http://wwlp.com/2014/12/19/white-house-viewing-sony-hack-as-national-security-threat/|title=White House viewing Sony hack as national security threat|last=Sciutto|first=Jim|date=19 December 2014|work=CNN|archive-url=https://web.archive.org/web/20141219121315/http://wwlp.com/2014/12/19/white-house-viewing-sony-hack-as-national-security-threat/|archive-date=2014-12-19|url-status=dead|publisher=WWLP 22 News}}</ref>
==Alleged operations==
Line 29 ⟶ 58:
* [[Tailored Access Operations]], USA
* [[PLA Unit 61398]], China
* [[Lazarus Group]]
==References==
{{
{{Hacking in the 2010s}}
{{Authority control}}
[[Category:Cyberwarfare]]
[[Category:
[[Category:Military units and formations established in 1998]]
|