Exclusive: North Korea’s Unit 180, a cyber crusade dungeon that worries a West


SEOUL North Korea’s categorical perspective organisation has a special dungeon called Unit 180 that is expected to have launched some of a many adventurous and successful cyber attacks, according to defectors, officials and internet confidence experts.

North Korea has been blamed in new years for a array of online attacks, mostly on financial networks, in a United States, South Korea and over a dozen other countries.

Cyber confidence researchers have also pronounced they have found technical justification that could couple North Korea with a tellurian WannaCry “ransomware” cyber conflict that putrescent some-more than 300,000 computers in 150 countries this month. Pyongyang has called a claim “ridiculous”.

The crux of a allegations opposite North Korea is a tie to a hacking organisation called Lazarus that is related to final year’s $81 million cyber heist during a Bangladesh executive bank and a 2014 conflict on Sony’s Hollywood studio. The U.S. supervision has blamed North Korea for a Sony penetrate and some U.S. officials have pronounced prosecutors are building a box opposite Pyongyang in a Bangladesh Bank theft.

No decisive explanation has been supposing and no rapist charges have nonetheless been filed. North Korea has also denied being behind a Sony and banking attacks.

North Korea is one of a many sealed countries in a universe and any sum of a surreptitious operations are formidable to obtain. But experts who investigate a reserved nation and defectors who have finished adult in South Korea or a West have supposing some clues.

Kim Heung-kwang, a former mechanism scholarship highbrow in North Korea who defected to a South in 2004 and still has sources inside North Korea, pronounced Pyongyang’s cyber attacks directed during lifting income are expected orderly by Unit 180, a partial of a Reconnaissance General Bureau (RGB), a categorical abroad comprehension agency.

“Unit 180 is intent in hacking financial institutions (by) breaching and withdrawing income out of bank accounts,” Kim told Reuters. He has formerly pronounced that some of his former students have assimilated North Korea’s Strategic Cyber Command, a cyber-army.

“The hackers go abroad to find somewhere with softened internet services than North Korea so as not to leave a trace,” Kim added. He pronounced it was expected they went underneath a cover of being employees of trade firms, abroad branches of North Korean companies, or corner ventures in China or Southeast Asia.

James Lewis, a North Korea consultant during a Washington-based Center for Strategic and International Studies, pronounced Pyongyang initial used hacking as a apparatus for espionage and afterwards domestic nuisance opposite South Korean and U.S. targets.

“They altered after Sony by regulating hacking to support rapist activities to beget tough banking for a regime,” he said.

“So far, it’s worked as good or softened as drugs, counterfeiting, bootlegging – all their common tricks,” Lewis said.


The U.S. Department of Defense pronounced in a news submitted to Congress final year that North Korea expected “views cyber as a cost-effective, asymmetric, deniable apparatus that it can occupy with small risk from repartee attacks, in partial since a networks are mostly distant from a Internet”.

“It is expected to use Internet infrastructure from third-party nations,” a news said.

South Korean officials contend they have substantial justification of North Korea’s cyber crusade operations.

“North Korea is carrying out cyber attacks by third countries to cover adult a start of a attacks and regulating their information and communication record infrastructure,” Ahn Chong-ghee, South Korea’s clamp unfamiliar minister, told Reuters in created comments.

Besides a Bangladesh Bank heist, he pronounced Pyongyang was also suspected in attacks on banks in a Philippines, Vietnam and Poland.

In Jun final year, military pronounced a North hacked into some-more than 140,000 computers during 160 South Korean companies and supervision agencies, planting antagonistic formula as partial of a long-term devise to lay a grounds for a large cyber conflict on a rival.  

North Korea was also suspected of entertainment cyber attacks opposite a South Korean chief reactor user in 2014, nonetheless it denied any involvement.

That conflict was conducted from a bottom in China, according to Simon Choi, a comparison confidence researcher during Seoul-based anti-virus association Hauri Inc.

“They work there so that regardless of what kind of plan they do, they have Chinese IP addresses,” pronounced Choi, who has conducted endless investigate into North Korea’s hacking capabilities.


Malaysia has also been a bottom for North Korean cyber operations, according to Yoo Dong-ryul, a former South Korean military researcher who complicated North Korean espionage techniques for 25 years.

“They work in trade or IT programming companies on a surface,” Yoo told Reuters. “Some of them run websites and sell diversion and gambling programs”.

Two IT firms in Malaysia have links to North Korea’s RGB perspective agency, according to a Reuters review this year, nonetheless there was no idea possibly of them was concerned in hacking.

Michael Madden, a U.S.-based consultant on a North Korean leadership, pronounced Unit 180 was one of many chosen cyber crusade groups in a North Korean comprehension community.

“The crew are recruited from comparison center schools and accept modernized training during some chosen training institutions,” Madden told Reuters.

“They have a certain volume of liberty in their missions and tasking as well,” he said, adding that they could be handling from hotels in China or Eastern Europe.

In a United States, officials pronounced there was no decisive justification that North Korea was behind a WannaCry ransomware, though that was no reason to be complacent.

“Whether or not they are directly concerned with ransomware doesn’t change a fact that they are a genuine cyber threat,” pronounced a comparison administration official, who spoke on condition of anonymity.

Dmitri Alperovitch, co-founder of distinguished U.S. confidence organisation CrowdStrike Inc, added: “Their capabilities have softened usually over time, and we cruise them to be a hazard actor that is able of inflicting poignant repairs on U.S. private or supervision networks.”

(To perspective a striking on ‘Don’t click: The ransomware WannaCry worm’ click here)

(Additional stating by David Brunnstrom in Washington, Joseph Menn in San Francisco,; Rozanna Latiff and Tom Allard in Kuala Lumpur; Editing by Raju Gopalakrishnan)


About Author

Leave A Reply