North Korea’s Unit 180 Hacking Cell Accused Of Major Cyber Attacks


Major hack attacks appear to be a money-making exercise for North Korea’s regime

Blame for some of the most successful and daring cyber attacks has been put firmly on the doorstep of a dedicated cell of North Korea’s main spy agency called Unit 180.

Reuters reported that North Korean defectors, South Korean officials and Internet security experts all claim that Unit 180 has been responsible for major hack attacks, including the WannaCry ransomware.

While Pyongyang has refuted such claims, the allegations stem from North Korea’s connection to the Lazarus hacker group which swiped $81 million (around £62m) from Bangladesh’s central bank.

US officials have claimed prosecutors are attempting to build a case against North Korea over the banking hack. The hack against Sony in 2014 also fanned the flames of such allegations.

North Korea’s Unit 180

Because North Korea remains one of the most closed-off and isolated nations in the world when it comes to information going in and out of the country, there is a reliance on defectors to tip off the rest of the world on what is going on within North Korean borders.

One such defector is Kim Heung-kwang, a former computer science professor in North Korea who defected to the South in 2004. He told Reuters that, according to his sources still in North Korea, the cyber attacks are aimed at raising money for North Korea’s regime through Unit 180, which forms part of North Korea’s overseas intelligence agency, the Reconnaissance General Bureau.

Noting that former students of his had joined North Korea’s cyber army, the Strategic Cyber Command, Heung-kwang explained that Unit 180 hackers work abroad to prevent cyber attacks from being directly traced back to North Korea.

“The hackers go overseas to find somewhere with better internet services than North Korea so as not to leave a trace,” he said, highlighting that they likely went under the guise of employees of trading firms and international arms of North Korean companies.

The cyber attacks appear to be less about disruption and more a money-making exercise that is less risky, more cost-effective, and more difficult to trace when compared to other activities such as drug trading and smuggling.

By using the infrastructure of other nations to launch cyber attacks, Unit 180 operatives can hide the origins of their activities, providing a veneer of deniability for North Korea when other nations and cyber security researchers level responsibility for large hack attacks against it.

“North Korea is carrying out cyber attacks through third countries to cover up the origin of the attacks and using their information and communication technology infrastructure,” South Korea’s vice foreign minister, Ahn Chong-ghee, told Reuters.

South Korea claims to have significant evidence of North Korean cyber warfare activities, but given the enmity between the two nations the evidence would need to be assessed by a more neutral third party before any conclusive judgements can be drawn.

However, it would come as no surprise if North Korea was indeed proved to be behind major cyber security attacks, given the nation appears to be pursuing a strong military doctrine and looks to have no intention of stopping its nuclear testing in a bid to develop nuclear warheads for ballistic missiles.
