Threat Watch

US Army Assesses That North Korea’s Cyber-Forces Number Over 6,000 Members Worldwide

North Korea: After last week’s development that North Korean hackers appeared to have recruited native English speakers, the US Army published a new report on North Korean tactics. The report is an overview of both traditional military domains and cyber tactics utilized by various groups within North Korea. Of interest, the report specifically called out that North Korea’s hacking division, known as Bureau 121, employs at least 6,000 hackers located in multiple nations around the world. The report also details which groups operate within Bureau 121 and what each group is responsible for according to the US Army’s monitoring and understanding of North Korea’s cyber-operations. The assessment of 6,000 hackers was believed to have been accurate by both the US Army and the South Korean Defense Ministry back in 2015, but it is likely to be much higher now. It was believed that as of 2009, North Korea’s Mirim College was graduating approximately 100 hackers per year.

ANALYST NOTES

Much of the report from the US Army focuses on military tactics and capabilities, but the section on Bureau 121 provides more insight into North Korea’s cyber operations. Since it is believed that Bureau 121 numbers over 6,000 members worldwide, it is interesting that the group may be recruiting new members to support their operations in other areas of the world–including possibly recruiting native English speakers. Following the public release of the name Lazarus Group, it became the industry default for North Korean attribution. While Lazarus Group is believed to have an extensive number of individuals involved in their operations, they are not the only group operating out of North Korea. The report focuses on an often-forgotten part of North Korea’s Bureau 121 known as the Bluenoroff Group. The Army report indicates that the Bluenoroff Group is primarily responsible for financial crimes and the long term assessment of exploiting targeted networks. It is both interesting and valuable that the Army would release this report publicly as unclassified. More information on this topic can be found at https://www.zdnet.com/article/us-army-report-says-many-north-korean-hackers-operate-from-abroad/

The US Army report on North Korean tactics can be found at the link below and information on the nation’s cyber operations can be found on page 277. https://www.documentcloud.org/documents/7038686-US-Army-report-on-North-Korean-military.html