Bureau 121: Difference between revisions

(31 intermediate revisions by 20 users not shown)
{{Short description|North Korean cyberwarfare agency}}
'''Bureau 121'''{{refn|AKA: Department/Office/Unit 121, Electronic Reconnaissance Department, or the Cyber Warfare Guidance Department<ref name="Pinkston2016">
{{cite journal |last1=Pinkston |first1=Daniel A. |title=Inter-Korean Rivalry in the Cyber Domain: The North Korean Cyber Threat in the "Sŏn'gun" Era |journal=Georgetown Journal of International Affairs |date=2016 |volume=17 |issue=3 |pages=67–68 |jstor=26395976 |url=https://www.jstor.org/stable/26395976 |issn=1526-0054}}
</ref><ref name="Park2019">
{{cite thesis |last=Park |first=Donghui |date=2019 |title=North Korea's Cyber Proxy Warfare: Origins, Strategy, and Regional Security Dynamics |type=PhD |chapter=3.5 North Korea’s Cyber Proxy Warfare Strategy |pages=137–150 |publisher=University of Washington |chapter-url=https://digital.lib.washington.edu/researchworks/bitstream/handle/1773/43956/Park_washington_0250E_20149.pdf}}
</ref><ref name="Gause2015">
{{cite web |last1=Gause |first1=Ken E. |title=North Korea's Provocation and Escalation Calculus: Dealing with the Kim Jong-un Regime |url=https://apps.dtic.mil/sti/pdfs/ADA621100.pdf |archive-url=https://web.archive.org/web/20210306123410/https://apps.dtic.mil/sti/pdfs/ADA621100.pdf |url-status=live |archive-date=March 6, 2021 |website=Defense Technical Information Center |publisher=CNA Analysis & Solutions |date=August 2015}}
</ref>}} is a [[North Korea]]n [[cyberwarfare]] agency, and the main unit of the [[Reconnaissance General Bureau]] (RGB) of North Korea's [[Military of North Korea|military]].<ref name="AFPC2016">
{{cite web|title=Strategic Primer: Cybersecurity |url=https://www.afpc.org/uploads/documents/Cybersecurity%20Primer%20-%20March%202016%20(for%20web).pdf |website=American Foreign Policy Council |page=11 |date=2016}}
</ref><ref name="Bartlett2020">{{cite web |last1=Bartlett |first1=Jason |title=Exposing the Financial Footprints of North Korea's Hackers |url=https://www.cnas.org/publications/reports/exposing-the-financial-footprints-of-north-koreas-hackers |website=Center for a New American Security |date=2020}}
</ref><ref name = reuters>
{{cite web | url=https://www.reuters.com/article/us-sony-cybersecurity-northkorea-idUSKCN0JJ08B20141205 | first1= Ju-Min | last1= Park | first2= James | last2= Pearson | title= In North Korea, hackers are a handpicked, pampered elite | publisher= [[Reuters]] | date= December 5, 2014 | access-date= December 18, 2014 | archive-date= December 19, 2014 | archive-url= https://web.archive.org/web/20141219023843/http://www.reuters.com/article/2014/12/05/us-sony-cybersecurity-northkorea-idUSKCN0JJ08B20141205 | url-status= live }}
</ref><ref name=guardian>
{{cite web|last1=Gibbs|first1=Samuel|title=Did North Korea's notorious Unit 121 cyber army hack Sony Pictures?|url=https://www.theguardian.com/technology/2014/dec/02/north-korea-hack-sony-pictures-brad-pitt-fury|work=[[The Guardian]]|date = December 2, 2014 |access-date=January 20, 2015}}</ref> It conducts offensive cyber operations, including espionage and cyber-enabled finance crime.<ref name="Bartlett2020"/><ref name="AFPC2016"/> According to American authorities, the RGB manages [[clandestine operation]]s and has six bureaus.<ref>{{cite web| url=https://fas.org/irp/world/dprk/ | author=John Pike|title=North Korean Intelligence Agencies| publisher=Federation of American Scientists, Intelligence Resource Program |access-date=January 20, 2015}}</ref><ref name=arc>{{cite web| url=https://fas.org/irp/world/dprk/dod-2013.pdf |author=United States Department of Defense |author-link=United States Department of Defense | title=Military and Security Developments Involving the Democratic People's Republic of Korea 2013|publisher=Federation of American Scientists|access-date=January 20, 2015}}</ref>
 
Cyber operations are thought to be a cost-effective way for North Korea to maintain an asymmetric military option, as well as a means to gather intelligence; its primary intelligence targets are South Korea, Japan, and the United States.<ref name=arc/>
 
==History==
Bureau 121 was created in 1998.<ref name=nyt1/>
 
==Targets and methods==
The activities of the agency came to public attention in December 2014 when [[Sony Pictures]] canceled the opening of its movie ''[[The Interview]]'' after its computers [[Sony Pictures Entertainment hack|had been hacked]].<ref name= variety-interviewdropped>{{cite web|title=Major U.S. Theaters Drop 'The Interview' After Sony Hacker Threats|url= https://variety.com/2014/film/news/major-u-s-theaters-drop-the-interview-after-sony-hacker-threats-1201381861/ |website= Variety | access-date =December 17, 2014 | last1 = Lang | first1 = Brett |date= 17 December 2014 }}</ref><ref>{{cite web |url= http://www.cnn.com/2014/12/18/politics/u-s-will-respond-to-north-korea-hack/ | first1 =Pamela | last1 = Brown | first2 = Jim | last2 = Sciutto | first3 = Evan | last3 = Perez | first4 = Jim | last4 = Acosta | first5 = Eric | last5 = Bradner |title=U.S. will respond to North Korea hack, official says| publisher = [[CNN]] |date=December 18, 2014| access-date = December 18, 2014}}</ref> Bureau 121 has been blamed for the cyber breach, but North Korea has rejected this accusation.<ref name = abc />
 
Much of the agency's activity has been directed at [[South Korea]].<ref name = reuters /><ref name=arc/> Prior to the attack at Sony, North Korea was said to have attacked more than 30,000 PCs in South Korea affecting banks and broadcasting companies as well as the website of South Korean President [[Park Geun-hye]].<ref name = reuters /><ref name=arc/><ref>{{cite web| url=https://www.bloomberg.com/news/2013-06-25/s-korea-president-s-websites-closed-for-review.html| author=Sangwon Yoon, Shinyye Kang |title=S. Korea Government, Media Sites Hacked Closed for Review| publisher=[[Bloomberg News|Bloomberg]] |date=June 25, 2013 |access-date=December 20, 2014}}</ref> North Korea has also been thought to have been responsible for infecting thousands of South Korean smartphones in 2013 with a malicious gaming application.<ref name=abc>{{cite news |url = https://abcnews.go.com/Politics/sony-hack-believed-routed-infected-computers-overseas/story?id=27667840 | title= Sony Hack Believed to Be Routed Through Infected Computers Overseas | first = Jack | last = Cloherty | work = ABC News | place = US | date= 17 December 2014 | publisher = Go}}</ref> The [[2013 South Korea cyberattack|attacks on South Korea]] were allegedly conducted by a group then called DarkSeoul Gang and estimated by the computer security company [[NortonLifeLock|Symantec]] to have only 10 to 50 members with a "unique" ability to infiltrate websites.<ref name=reuters/>
 
American authorities believe that North Korea has military offensive cyber operations capability and may have been responsible for malicious cyber activity since 2009.<ref name=arc/> As part of its sophisticated set-up, cells from Bureau 121 are believed to be operating around the world.<ref name="HHS2021">{{cite web |last=Healthcare Sector Cybersecurity Coordination Center |first=(HC3) |title=North Korean Cyber Activity |url=https://www.hhs.gov/sites/default/files/dprk-cyber-espionage.pdf |website=U.S. Department of Health & Human Services |date=2021}}</ref><ref name=wh/><ref>{{cite episode | series = [[The Lead with Jake Tapper]] | first = Jake | last = Tapper | network = CNN | airdate = 18 December 2014 | url = http://thelead.blogs.cnn.com/2014/12/18/panel-is-north-korea-waging-a-cyberwar | title = Panel: Were North Korean "cyber soldiers" behind Sony hack? | access-date = 21 January 2015 | archive-date = 26 March 2021 | archive-url = https://web.archive.org/web/20210326012906/https://thelead.blogs.cnn.com/2014/12/18/panel-is-north-korea-waging-a-cyberwar/ | url-status = dead }}</ref> One of the suspected locations of a Bureau 121 cell is the Chilbosan Hotel in [[Shenyang]], China.<ref name=nyt1>{{Cite web |url=https://www.nytimes.com/2015/01/19/world/asia/nsa-tapped-into-north-korean-networks-before-sony-attack-officials-say.html?_r=1 |author=David E. Sanger, Martin Fackler|
title=N.S.A. Breached North Korean Networks Before Sony Attack, Officials Say |work=[[nytimes.com]] |date=January 18, 2015| access-date=January 20, 2015}}</ref><ref name=Chilbosan>{{cite news|last1=Daly|first1=Michael|title=Inside the 'Surprisingly Great' North Korean Hacker Hotel|url=http://www.thedailybeast.com/articles/2014/12/20/inside-the-surprisingly-great-north-korean-hacker-hotel.html|access-date=25 December 2014|agency=The Daily Beast|date=December 20, 2014}}</ref><ref name="AFPC2016"/>
 
South Korea has also repeatedly blamed Bureau 121 for conducting GPS jamming aimed at South Korea. The most recent case of jamming occurred on 1 April 2016.
 
==Structure==
Bureau 121 consists of the following units as of 2019:<ref>{{cite conference |url=https://ccdcoe.org/uploads/2019/06/Art_08_The-All-Purpose-Sword.pdf |title=The All-Purpose Sword: North Korea's Cyber Operations and Strategies |last1=Kong |first1=Ji Young |last2=Lim |first2=Jong In |last3=Kim |first3=Kyoung Gon |date=2019 |conference=2019 11th International Conference on Cyber Conflict |publisher=NATO |location=Tallinn, Estonia |doi=10.23919/CYCON.2019.8756954}}</ref>
 
* [[Lab 110]]<ref name=":2">{{Cite web|url=https://csis-prod.s3.amazonaws.com/s3fs-public/legacy_files/files/publication/141218_Cyber_Operations_North_Korea.pdf|title=The Organization of Cyber Operations in North Korea|website=Center for Strategic and International Studies (CSIS)|access-date=2020-06-28|archive-date=2019-06-30|archive-url=https://web.archive.org/web/20190630205539/https://csis-prod.s3.amazonaws.com/s3fs-public/legacy_files/files/publication/141218_Cyber_Operations_North_Korea.pdf|url-status=dead}}</ref>
** Office 98
** Office 414
** Office 35
* [[Unit 180]]<ref name="Reuters">{{cite news |url=https://www.reuters.com/article/us-cyber-northkorea-exclusive-idUSKCN18H020 |title=Exclusive: North Korea's Unit 180, the cyber warfare cell that worries the West |first1=Ju-min |last1=Park |first2=James |last2=Pearson |publisher=[[Reuters]] |editor-first=Raju |editor-last=Gopalakrishnan |archive-url=https://web.archive.org/web/20170521121302/https://www.reuters.com/article/us-cyber-northkorea-exclusive-idUSKCN18H020 |archive-date=May 21, 2017}}</ref>
* Unit 91
* 128 Liaison Office
* 413 Liaison Office
 
===Staffing===
Bureau 121 is the largest (more than 600 hackers) and most sophisticated unit in the RGB.<ref name="AFPC2016"/><ref name="Bartlett2020"/><ref name="HHS2021"/> According to a report by [[Reuters]], Bureau 121 is staffed by some of North Korea's most talented computer experts and is run by the Korean military.<ref name=reuters/> A defector indicated that the agency has about 1,800 specialists. Many of the bureau's [[Hacker (computer security)|hacker]]s are hand-picked graduates of the University of Automation, [[Pyongyang]]<ref name =reuters/> and spend five years in training.<ref>{{Cite news|url=http://www.bbc.co.uk/newsbeat/article/32926248/bureau-121-north-koreas-elite-hackers-and-a-tasteful-hotel-in-china|title=Bureau 121: North Korea's elite hackers and a 'tasteful' hotel in China|last1=Waterhouse|first1=James|date=2015-05-19|work=BBC News|access-date=2017-04-27|last2=Doble|first2=Anna|language=en-GB}}</ref> A 2021 estimate suggested that there may be over 6,000 members in Bureau 121, with many of them operating in other countries, such as Belarus, China, India, Malaysia, and Russia.<ref name="HHS2021"/>
 
While these specialists are scattered around the world, their families benefit from special privileges at home.<ref name="wh">{{cite news|url=http://wwlp.com/2014/12/19/white-house-viewing-sony-hack-as-national-security-threat/|title=White House viewing Sony hack as national security threat|last=Sciutto|first=Jim|date=19 December 2014|work=CNN|archive-url=https://web.archive.org/web/20141219121315/http://wwlp.com/2014/12/19/white-house-viewing-sony-hack-as-national-security-threat/|archive-date=2014-12-19|url-status=dead|publisher=WWLP 22 News}}</ref>
 
==Alleged operations==
Line 29 ⟶ 58:
* [[Tailored Access Operations]], USA
* [[PLA Unit 61398]], China
* [[Unit 180]], North Korean cyberwarfare cell, a component of the Reconnaissance General Bureau
* [[Lazarus Group]]
 
==References==
{{Reflist|30em}}
 
{{Hacking in the 2010s}}
{{Authority control}}
 
[[Category:Cyberwarfare]]
[[Category:Reconnaissance General Bureau]]