US Army publishes report on group of North Korean hackers

By Benson Toti

According to the US Army, North Korea’s Bureau 121 has 6,000 hackers across several divisions, focused on carrying out different kinds of cryptocurrency and related cybercrimes.

According to a report by the US Army, North Korea has amassed more than 6,000 hackers across different countries, such as Belarus, India, China, Malaysia and Russia.

The report, entitled North Korean Tactics, posits that the hackers do not exclusively perform cyberattacks from North Korea itself, because the country does not have the IT infrastructure needed to run such massive campaigns on its own resources.

The report also highlights the activities of the Lazarus Group, a cybercrime group with an unknown number of members to which authorities have attributed several cyberattacks over the last decade. It is one of the best-known hacker groups in the world.

Local authorities believe that the group was behind the WannaCry malware attack that lasted from 2016 to 2017, as well as the infamous Sony Pictures hack.

The group is also known by its other aliases, the Guardians of Peace and the Whois Team. One unit alongside the Lazarus Group, called the Bluenoroff Group, is estimated to have roughly 1,700 members and focuses on financial crimes. In particular, the group’s niche is in crypto crimes, where they “concentrate on long-term assessment and exploiting enemy network vulnerabilities”.

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned two Chinese nationals, named Yinyin Tian and Jiadong Li, in March of this year. The pair were accused of laundering cryptocurrency stolen in a 2018 crypto exchange hack that was linked to the Lazarus Group.

According to the latest reports, cybercriminals based in North Korea are suspected of using untraceable privacy coins to convert their stolen funds into cash.

Aside from the Lazarus Group and the Bluenoroff Group, the report also named the Electronic Warfare Jamming Regiment and the Andarial Group. These four groups are under the Cyber Warfare Guidance Unit, more commonly referred to as Bureau 121.

The Electronic Warfare Jamming Regiment is rumoured to be located in Pyongyang, with other branches in Kaesong, Haeja and Kumgang. It appears to be the only group that the report places within North Korea.

Meanwhile, the Andarial Group has 1,600 members dedicated to gathering information on enemy computer systems and developing assessments on any network vulnerabilities. This group is responsible for mapping out the enemy network for any potential attacks.