Bureau 121 is a

North Korea North Korea, officially the Democratic People's Republic of Korea (DPRK), is a country in East Asia. It constitutes the northern half of the Korea, Korean Peninsula and shares borders with China and Russia to the north, at the Yalu River, Y ...

cyberwarfare Cyberwarfare is the use of cyber attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting vital computer systems. Some intended outcomes could be espionage, sabotage, propaganda, manipulation or economic war ...

agency, and the main unit of the Reconnaissance General Bureau of North Korea's

military A military, also known collectively as armed forces, is a heavily armed, highly organized force primarily intended for warfare. It is typically authorized and maintained by a sovereign state, with its members identifiable by their distinct ...

. It conducts offensive cyber operations, including espionage and cyber-enabled finance crime. According to American authorities, the RGB manages

clandestine operation A clandestine operation is an intelligence or military operation carried out in such a way that the operation goes unnoticed by the general population or specific enemy forces. Until the 1970s, clandestine operations were primarily political in ...

s and has six bureaus. Cyber operations are thought to be a cost-effective way for North Korea to maintain an asymmetric military option, as well as a means to gather intelligence; its primary intelligence targets are South Korea, Japan, and the United States.

History

Bureau 121 was created in 1998.

Targets and methods

The activities of the agency came to public attention in December 2014 when

Sony Pictures Sony Pictures Entertainment Inc. (commonly known as Sony Pictures or SPE, and formerly known as Columbia Pictures Entertainment, Inc.) is an American diversified multinational mass media and entertainment studio Conglomerate (company), conglom ...

canceled the opening of its movie ''

The Interview ''The Interview'' is a 2014 satirical alternate history action-comedy film co-produced and directed by Seth Rogen and Evan Goldberg in their second directorial work, following ''This Is the End'' (2013). The screenplay was written by Dan Sterl ...

'' after its computers had been hacked. Bureau 121 has been blamed for the cyber breach, but North Korea has rejected this accusation. Much of the agency's activity has been directed at

South Korea South Korea, officially the Republic of Korea (ROK), is a country in East Asia, constituting the southern part of the Korea, Korean Peninsula and sharing a Korean Demilitarized Zone, land border with North Korea. Its western border is formed ...

. Prior to the attack at Sony, North Korea was said to have attacked more than 30,000 PCs in South Korea affecting banks and broadcasting companies as well as the website of South Korean President

Park Geun-hye Park Geun-hye (; ; often in English ; born 2 February 1952) is a South Korean politician who served as the 11th president of South Korea from 2013 to 2017, until she was impeached and convicted on related corruption charges. Park was the fi ...

North Korea has also been thought to have been responsible for infecting thousands of South Korean smartphones in 2013 with a malicious gaming application. The attacks on South Korea were allegedly conducted by a group then called DarkSeoul Gang and estimated by the computer security company Symantec to have only 10 to 50 members with a "unique" ability to infiltrate websites. American authorities believe that North Korea has military offensive cyber operations capability and may have been responsible for malicious cyber activity since 2009. As part of its sophisticated set-up, cells from Bureau 121 are believed to be operating around the world. One of the suspected locations of a Bureau 121 cell is the Chilbosan Hotel in

Shenyang Shenyang (, ; ; Mandarin pronunciation: ), formerly known as Fengtian () or by its Manchu language, Manchu name Mukden, is a major China, Chinese sub-provincial city and the List of capitals in China#Province capitals, provincial capital of Lia ...

, China. South Korea has also repeatedly blamed Bureau 121 for conducting GPS jamming aimed at South Korea. The most recent case of jamming occurred on 1 April 2016.

Structure

Bureau 121 consists of the following units as of 2019: * Lab 110 ** Office 98 ** Office 414 ** Office 35 *

Unit 180 Unit 180 (180부대) is a North Korean cyberwarfare cell, a component of the Reconnaissance General Bureau. Kim Heung-kwang, a former computer science professor in North Korea, stated that Unit 180 is likely involved in illicit operations to obta ...

* Unit 91 * 128 Liaison Office * 413 Liaison Office

Staffing

Bureau 121 is the largest (more than 600 hackers) and most sophisticated unit in the RGB. According to a report by

Reuters Reuters ( ) is a news agency owned by Thomson Reuters Corporation. It employs around 2,500 journalists and 600 photojournalists in about 200 locations worldwide. Reuters is one of the largest news agencies in the world. The agency was estab ...

, Bureau 121 is staffed by some of North Korea's most talented computer experts and is run by the Korean military. A defector indicated that the agency has about 1,800 specialists. Many of the bureau's

hacker A hacker is a person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle, within a computerized system by non-standard means. Though the term ''hacker'' has become associated in popu ...

s are hand-picked graduates of the University of Automation,

Pyongyang Pyongyang (, , ) is the capital and largest city of North Korea, where it is known as the "Capital of the Revolution". Pyongyang is located on the Taedong River about upstream from its mouth on the Yellow Sea. According to the 2008 populatio ...

and spend five years in training. A 2021 estimate suggested that there may be over 6,000 members in Bureau 121, with many of them operating in other countries, such as Belarus, China, India, Malaysia, and Russia. While these specialists are scattered around the world, their families benefit from special privileges at home.

Alleged operations

2013 South Korea cyberattack In 2013 there were two major sets of cyberattacks on South Korean targets attributed to elements within North Korea. March On 20 March 2013, three South Korean television stations and a bank suffered from frozen computer terminals in a suspected ...

*November 2014

Sony Pictures hack On November 24, 2014, a hacker group identifying itself as "Guardians of Peace" leaked a release of confidential data from the film studio Sony Pictures Entertainment (SPE). The data included personal information about Sony Pictures employees ...

*February 2016

Bangladesh Bank robbery The Bangladesh Bank robbery, also known colloquially as the Bangladesh Bank cyber heist, was a theft that took place in February 2016. Thirty-five fraudulent instructions were issued by security hackers via the SWIFT network to illegally tra ...

* 2015–2016 SWIFT banking hack *May 2017

WannaCry ransomware attack The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitco ...

References