The 332-page document contains a wealth of valuable information about the Korean People’s Army (KPA), including its tactics, weapons, leadership structure, troop types, logistics, and electronic warfare capabilities. In addition, it provides some information about the secret hacker division of the KPA.
According to the report, the so-called “Bureau 121”, a subdivision of the Intelligence Directorate of the General Staff of the KPA, is responsible for most military cyber operations. It has grown significantly over the past few years as Pyongyang expanded its operations in cyberspace: in 2010 “Bureau 121” numbered 1,000 well-trained hackers, and now their number has exceeded 6,000.
Bureau 121 has four main divisions. Three of them are responsible for cyberspace operations and one for electronic warfare.
The first unit is called the Andariel Group and is an APT group (a group of hackers working for the government). The Andariel Group includes 1,600 people “whose mission is to gather information by conducting reconnaissance on enemy computer systems and creating an initial vulnerability assessment,” the report said. It is the Andariel Group that creates a map of enemy networks for further cyber attacks.
The second division is an APT group called Bluenoroff Group. It consists of 1.7 thousand hackers “whose mission is to carry out financial cybercrimes.” Bluenoroff Group’s tactic is to assess and exploit vulnerabilities in the enemy’s network over the long term.
The fourth division, responsible for electronic warfare, is the Electronic Warfare Jamming Regiment. It consists of three military battalions and numbers 2-3 thousand servicemen. This unit is a classic military formation, and its operations are conducted from three military bases in the DPRK.
Unlike the Electronic Warfare Jamming Regiment, Bureau 121’s three hacker divisions are more loosely organized, and their employees are allowed to travel overseas and conduct their operations from there. In particular, many operations of North Korean hackers are carried out from the territory of Belarus, Russia, China, India and Malaysia. Abroad, hackers register shell companies that serve as cover for malicious server infrastructure and money-laundering operations.