Cybersecurity researchers say North Korea might be linked to the WannaCry ‘ransomware’ cyber attack that has infected more than 300,000 computers worldwide since Friday.
IT’S the secretive unit blamed for a string of cyberattacks across the world, including the attack that affected 300,000 computers in 150 countries earlier this month.
And the West has every reason to be worried about what North Korea’s cyber warfare cell, known as Unit 180, is up to next.
Unit 180, which forms part of the Reconnaissance General Bureau (RGB) and is its main overseas intelligence agency, already has its eyes and ears on Australia, a cyber security expert has warned.
Dr Greg Austin, a Professor in the Australian Centre for Cyber Security at the University of New South Wales, said there was no doubt North Korea was already active in cyber space in Australia.
Dr Austin said while the threat of a North Korean missile hitting this country remained a serious concern, the bigger danger is in cyber space.
“North Korea is almost certainly conducting cyber espionage against South Korean targets here,” he said.
“South Korean people, assets and aircraft in Australia are all potential targets of disabling cyberattacks.”
He said North Korea remained far more likely to use a cyberattack against Australia and that the primary targets of a North Korean cyber attack in Australia include South Korean leaders, institutions, civil aircraft, or even citizens living here.
Dr Austin, who delivered a seminar last Friday, Korea’s Cyber War Vortex in Canberra, said Unit 180 was just one number given to the North Korean spy agency’s cyber cell.
Dr Austin also said the reality was many people didn’t realise an active cyberwar was already underway with North Korea.
While Pyongyang knows it can’t get into a direct war with the West, it can attack it via a series of smaller wars.
Such attacks were also intensifying in destructiveness and frequency, Dr Austin said.
Dr Austin said the capabilities of North Korea’s cyber warfare cells have been known for some time.
But Unit 180 isn’t the only number or cell Australia and the West should be worried about.
According to him, North Korea has 6000 cyber warriors on home soil and other cells known as Units 110 and 1232 even have some active personal in northern China.
“Unit 121 has 600 of its 1800 cyber staff dedicated to disabling South Korean military command and control in the event of war,” he told the seminar last week.
Dr Austin said while there was no hard evidence to suggest North Korea was behind last week’s global attack, the reality was it wasn’t a sophisticated attack and it could have been carried out by as little as three people.
“And if North Korea was behind the global attacks (WannaCry) then this could also affect Australia as well,” Dr Austin said.
INSIDE UNIT 180
North Korea has been blamed in recent years for a series of online attacks, mostly on financial networks in the United States, South Korea and over a dozen other countries.
Cyber security researchers have also told Reuters they have found technical evidence that could link North Korea with the global WannaCry “ransomware” cyber attack that hit last week in more than 150 countries.
Pyongyang has called the allegation “ridiculous”.
Kim Heung-kwang, a former computer science professor in North Korea who defected to the South in 2004 and still has sources inside North Korea, said Pyongyang’s cyber attacks aimed at raising cash are more likely organised by Unit 180.
“Unit 180 is engaged in hacking financial institutions (by) breaching and withdrawing money out of bank accounts,” Mr Kim said.
“The hackers go overseas to find somewhere with better internet services than North Korea so as not to leave a trace.”
James Lewis, a North Korea expert at the Washington-based Centre for Strategic and International Studies, said Pyongyang first used hacking as a tool for espionage and then political harassment against South Korean and US targets.
“They changed after Sony by using hacking to support criminal activities to generate hard currency for the regime,” he said.
“So far, it’s worked as well or better as drugs, counterfeiting, smuggling — all their usual tricks.”
The US Department of Defence said in a report submitted to Congress last year that North Korea likely “views cyber as a cost-effective, asymmetric, deniable tool that it can employ with little risk from reprisal attacks, in part because its networks are largely separated from the internet”.