The man behind the Nork hack?

Bill Gertz:
U.S. intelligence agencies have identified the military officer orchestrating North Korea’s state-sponsored hacking attacks, such as the one on Sony Pictures Entertainment. He is Gen. Kim Yong-chol, director of the espionage and clandestine operations service known as the Reconnaissance General Bureau, or RGB.

The RGB was formed in 2009 when the Korean People’s Army, the communist state’s military, combined its Reconnaissance Bureau with the ruling Workers’ Party of Korea Central Committee Operations Department. The combined intelligence and military special operations force is under the control of North Korean supreme leader Kim Jong-un. Both military and party organizations have a long history of deadly covert operations and nefarious foreign espionage operations, such as the 1970s operations to kidnap foreign nationals for use in intelligence training in North Korea.

U.S. and South Korean intelligence agencies have been tracking Gen. Kim since he emerged as a member of the Central Military Commission in September 2010. The four-star general also was part of the funeral committee for Kim Jong-il, who died in 2011, a key indicator of his place in the hierarchy of the secretive North Korean power structure. His promotion to full general was announced in February 2012.

Gen. Kim, who is also deputy chief of the military’s general staff, has headed the RGB since 2009, but his career has not been without bumps. He was demoted to two-star rank in November 2012 following the arrest of a number of North Korean spies in South Korea. By February of 2013, however, Gen. Kim had regained the lost two stars.
...

Unit 121 has been identified by U.S. and South Korean intelligence as the RGB’s main offensive cyberwarfare group. It is reported that cyberwarfare experts from the group operated out of the Chilbosan Hotel in Shenyang, China. The Sony hack was carried out from a hotel in Thailand, according to an intelligence source. Unit 121 also was blamed for the so-called DarkSeoul cyberattacks last year that were traced to North Korean hackers.

Those attacks against South Korean banks, television broadcasters and news outlets were very similar, in terms of malicious software used and other attack methodology, to the Sony hack. Against the movie network, the North Koreans used a layered cyberattack involving careful pre-attack reconnaissance, data theft for the attack and then data destruction on hard drives and other storage media through the use of “wiper” malware.

South Korea’s government, which cooperated with the FBI in investigating the Sony cyberattack, has linked the 2013 cyberattacks to Internet Protocol addresses belonging to the Pyongyang government’s Korea Post and Telecommunications Corporation, which is part of the Ministry of Post and Telecommunications.
...
There is more.

This gives pretty good detail on how the hack was done and by whom. There should be a way to attack the Internet Protocol address used by the hackers. The country has been under a counter hack from unknown sources. That attack does not appear to be limited to just the address used.
