North Korea doubles units of its cyber army

North Korea has doubled the number of its elite cyber warriors over the past two years and established overseas bases to run hacking attacks.

The majority of people ignores that all over the world, many silent conflicts happen, the cyberspace is considered for this reason the fifth element of warfare. Unfortunately the effects of these cyber attacks could be serious and could also menace the population of a country, Stuxnet case demonstrated the fragility of a critical infrastructure and the efficiency of a cyber weapon.

One of the most intensive cyber dispute is the one that is fought by North Korea and South Korea, two countries with very good cyber capabilities, that in many cases have tried to hit their enemies from the cyberspace.

The tension between North Korea and South Korea is very high, both governments are spending a great effort to improve their cyber capabilities and to assert their supremacy over their rivals.

Early this year the Yonhap news agency reported that the Government of Seoul was working for the development of a cyber weapon to hit North Korean nuclear facilities. The decision to hit North Korean nuclear facilities is motivated by the intensification of the testing of nuclear weapons conducted in underground with controlled explosions by the Government of Pyongyang.

“Once the second phase plan is established, the cyber command will carry out comprehensive cyber warfare missions,” said a senior ministry official referring the possibility to target North Korean nuclear plants.

North Korea has the highest percentage of military personnel in relation to population, it has approximately 40 enlisted soldiers per 1000 people with a considerable impact on the budget of the country. Last year a defector has declared that North Korea has increased its cyber warfare unit to staff 3,000 people and it is massive training its young prodigies to become professional hackers.

But new revelations on the cyber capabilities of North Korea are worrying Seoul, the government of Pyongyang has doubled the number of the units of its cyber army. According to a report issued by the news agency, the number of cyber warriors of the The North Korea now is 5,900 and the cyber army has also established overseas bases for hacking attacks.

“The communist country operates a hacking unit under its General Bureau of Reconnaissance, which is home to some 1,200 professional hackers,” a military source was quoted as saying.

The South’s Yonhap news agency revealed that North Korean cyber units were involved in a series of cyber attacks launched through overseas bases in countries such as China. The North Korean cyber army hit many times the infrastructure of the South Korea, banks, military entities, media and TV broadcasters were hit with malware and other sophisticated techniques.

In July Mc Afee Lab experts revealed that hackers behind the recent attacks against South Korean infrastructure are professionals that designed also malicious code to steal military secrets to the South Korea and US military. Security experts at McAfee Labs revealed that the malware used during the attacks was expressly designed to find and steal secret information on US forces involved in joint exercises in South Korea.

Researchers dubbed the campaign Operation Troy due the numerous references into the source code of the city, the malicious code used appears the same implanted into a social media website used by military personnel in South Korea in 2009.

Ryan Sherstobitoff, a senior threat researcher at McAfee, provided to the The Associated Press a report that will be publicly issued later this week on the analysis of malware instances detected. Despite it is not clear the exact amount of information stolen, neither the exact networks penetrated by attackers, South Korean Government blamed North Korean state sponsored-hackers.

Researchers highlighted that there are various clues in the malicious code which lead to the North Korea, for example the password used to unlock encrypted files contains the number 38 probably linked to “38th parallel” that separates the North from South Korea.

Sherstobitoff started the investigation after the malware based attacks occurred on March 20^th, known as the Dark Seoul Incident, in which tens of thousands of hard drives belonging to television networks and banks in South Korea were wiped.

“This goes deeper than anyone had understood to date, and it’s not just attacks: It’s military espionage,” Sherstobitoff said

As usual, the North has denied any involvement and accuses South Korea of fabricating the incidents to increase the tension between the states.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – cyber warfare, Korea)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.