North Korea’s primary spy agency has a special cell named Unit 180. According to defectors, officials, and security experts, this unit is likely to have launched a few of the most daring and successful cyber attacks.
The regime’s cyberwarfare unit became a priority after the U.S. invaded Iraq in 2003. After Kim Jong-il watched the American “shock and awe” campaign on CNN, he issued a warning to his military: “If warfare was about bullets and oil until now,” Kim reportedly told top commanders, according to a prominent defector, Kim Heung-kwang, “warfare in the 21st century is about information.”
According to Ben Buchanan, the author of “The Cybersecurity Dilemma” and a fellow at the Cyber Security Project at Harvard, “There was an enormous growth in capability from 2009 or so, when they were a joke. They would execute a very basic attack against a minor web page put up by the White House or an American intelligence agency, and then their sympathizers would claim they’d hacked the U.S. government. But since then, their hackers have gotten a lot better.”
Today, North Korea’s cyberwarfare unit poses a real threat to the West.
When Kim Jong-Un succeeded his father in 2011, he expanded the cyber mission beyond just a weapon of war. Today, the unit also focuses on theft, harassment, and political score-settling.
In the years since his succession, North Korea has been blamed for a series of online attacks on mostly financial networks in the U.S., South Korea, and over a dozen other countries.
Cyber security researchers have found technical evidence linking North Korea to the global WannaCry ransomware attack that infected more than 300,000 computers in 150 countries in May of this year.
North Korea is also alleged to be involved with the hacking group Lazarus, which is linked to last year’s $81 million cyber heist at the Bangladesh central bank. When North Korean hackers tried to steal $1 billion from the New York Federal Reserve last year in the same attack, only a spelling error stopped them: bankers became suspicious of a withdrawal request that misspelled the word “foundation” as “fandation.”
The North’s hackers also made headlines internationally in 2014 when they broke into Sony’s Hollywood operation as the company was preparing to release “The Interview,” the Seth Rogen and James Franco comedy about meeting the North Korean leader. Sony CEO Kazuo Hirai called the attack “vicious and malicious” as it revealed embarrassing emails.
Then this year, the country’s hackers began increasing their efforts to secure bitcoin and other cryptocurrencies that could be used to avoid trade restrictions, increasing attacks on exchanges in South Korea and other related sites.
But Unit 180 is upping its game.
According to a Bloomberg report citing a lawmaker from South Korea, the country’s hackers “stole military plans developed by the U.S. and South Korea last year that included a highly classified ‘decapitation strike’ against the North Korean leader.” The plans were devised as the regime began stepping up its nuclear tests, firing long-range missiles toward the Pacific Ocean.
“The plan is fundamental to conducting a war operation and leakage of even a small part of it is very critical,” said Rhee Cheol-hee, a South Korean ruling party lawmaker, in a telephone interview. “How could we fight against an enemy and win a war if it’s already aware of our strategy?”
As trade sanctions and a debilitated domestic economy have made it difficult to invest in conventional military capabilities, North Korea has been developing its cyber capabilities. Hackers offer a more cost-effective way to threaten its rivals who rely more heavily on technological systems. The country is said to employ 1,700 state-sponsored hackers, with more than 5,000 support staff.
“There is no doubt that they are using their capability in creative ways,” said Fergus Hanson, head of the International Cyber Policy Centre at the Australian Strategic Policy Institute in Canberra. “Stealing battle plans is obviously a good idea from a military point of view and they’re also monetizing their capability to get around sanctions.”
While North Korea’s cyberwarfare division begins to pose a real threat to the U.S. and South Korea, its limited connectivity and reliance on technology make it far less vulnerable to the same types of attacks it is unleashing. “For South Korea, these targeted attacks from North Korea are not new. South Korea has relatively strong cyber security, but it faces an adversary with a significant asymmetric advantage,” said Bryce Boland, CTO for the Asia-Pacific region at security firm FireEye.
The regime’s increasingly bold cyber attacks have advanced in tandem with its rapidly progressing ballistic missile and nuclear programs.
“North Korea’s cyber weapons are as destructive as its conventional weapons,” Lim Jong-in, a cyber security professor at Korea University, told CNN. “Tomahawk missiles can paralyze a major country’s power grid and financial system. So do North Korea’s cyber weapons.”
It seems North Korea’s cyber capabilities pose as much of a threat, if not more of a threat, as its chemical weapons program, nuclear warheads, and the world’s fourth-largest standing army, something the U.S. may want to consider as tensions escalate between the Trump administration and Kim Jong-Un’s regime.