Analysis: DPRK’s cyber warriors behind the latest ransomware attack

  • May 25, 2017
  • Nikkei, p. 2
  • JMH Translation

North Korea is suspected of involvement in the global ransomware virus attack that erupted on May 12. What the international community deems right is not applicable to the authoritarian state. Though its cybersecurity expertise is “second rate,” it capitalizes on an advanced hacking code, which was leaked online, to cause tremendous damage. International efforts are underway to place suspects on the wanted list and impose sanctions [on the North], but they have yet to produce results.  


North Korea’s hacking group “Lazarus” is alleged to have connections with the country’s Reconnaissance General Bureau (RGB), a spy agency suspected of involvement in the killing of Kim Jong-nam. Rumor has it that the group mounted a cyberattack on Bangladesh Bank and stole 81 million dollars last year.


North Korea’s hacking activities accelerated following the launch of “Unit 121,” a core hacking group set up inside the RGB at the instruction of then General-Secretary Kim Jong-il in 1998. “The unit is home to elites plucked from across the country,” said Kim Heung-kwang, a North Korean defector who heads the North Korea Intellectuals Solidarity, a non-profit in South Korea.


Brilliant minds are selected nationwide and sent to the “Venus First” and “Venus Second” science and technology secondary schools in Pyongyang for IT training. After graduating there, they hone their skills at Hamhung University of Computer Technology and a national defense academy. The country is producing about 500 cyber warriors each year. There are now an estimated 7,000 in the country.


They are divided into teams and assigned such tasks as “system analysis” and “coding.” They are based in Chinese cities, such as Dandong, Shenyang, Changchun and Qingdao, and mount cyberattacks from Internet cafes there. They also operate in Malaysia by disguising themselves as migrant workers.


North Korea’s cyberattack capabilities are generally assessed as “intermediate level.” Some experts believe North Korea lags behind the U.S. and China and is on par with Iran in hacking literacy.


The North Korean group uses a powerful hacking tool, commonly known in cybercrime circles, to make up for its lack of development know-how. In the latest attack, it exploited a program developed by the U.S. National Security Agency and triggered massive virus infections across the globe.


The North appears to parlay cyberattacks into foreign currency. These crimes are becoming an important source of income as the regime is under international sanctions for its development of nuclear and missile programs. The cyber unit, in the guise of Chinese firms, is contracting the development of software programs used in IT devices and home appliances.


Cybersecurity experts assess that North Korea’s special cyber unit is unpredictable, just like leader Kim Jong-un, who is exposing his country to the risks of brinkmanship. The latest ransomware virus caused interruptions in social infrastructure services in many countries. Once the regime finds cyberattacks effective in causing turmoil in other countries, it may resort more frequently to these tools as a weapon of the poor. (Abridged)
