Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

What we know about North Korea's cyberarmy

Martyn Williams | Dec. 22, 2014
Snippets of information about the secretive regime's cyberops have leaked out over the years.

north korea computer kids

The attack on Sony Pictures has put North Korea's cyberwarfare program in the spotlight. Like most of the internal workings of the country, not much is known but snippets of information have come out over the years, often through defectors and intelligence leaks.

Here's a summary of what we know:

The Cyberunits

North Korea's governing structure is split between the Workers' Party of Korea (WPK) and the National Defense Commission (NDC).

North Korea's main cyberoperations run under the Reconnaissance General Bureau (RGB), which itself falls under the Ministry of People's Armed Forces that is in turn part of the NDC. The RGB has been operational for years in traditional espionage and clandestine operations and formed two cyberdivisions several years ago called Unit 121 and Office 91.

Office 91 is thought to be the headquarters of North Korea's hacking operation although the bulk of the hackers and hacking and infiltration into networks is done from Unit 121, which operates out of North Korea and has satellite offices overseas, particularly in Chinese cities that are near the North Korean border. One such outpost is reportedly the Chilbosan Hotel in Shenyang, a major city about 150 miles from the border. A third operation, called Lab 110, participates in much the same work.

There are also several cyberunits under North Korea's other arm of government, the Workers' Party of Korea.

Unit 35 is responsible for training cyberagents and is understood to handle domestic cyberinvestigations and operations. Unit 204 takes part in online espionage and psychological warfare and Office 225 trains agents for missions in South Korea that can sometimes have a cyber component.


The North Korean school system emphasis the importance of mathematics to students from a young age. The most gifted are given access to computers where they can begin practicing programming skills and, if they are good enough, go on to one of a handful of schools that have specialist computer departments. These are typically Kim Il Sung University, the country's most prestigious seat of learning, Kim Chaek University of Technology or Mirim College. Much less is known about the latter, although it's believed to be a specialist cyberwarfare school.

The students learn general programming techniques and will also specialize in disciplines such as cyberwarfare. After graduating, they will sometimes be sent to study overseas. That's when, with an open Internet connection and the anonymity of a foreign network, they can start participating in hacker forums, developing malicious software and testing out their skills.

Over the past few years, it's estimated the schools have turned out several thousand students (estimates range from around 2,000 to around 6,000), who now make up North Korea's cyberforces.


1  2  3  Next Page 

Sign up for Computerworld eNewsletters.