Mr. Kang is likely under protection of the West and has offered key intelligence that has aided the United States, Japan and South Korea in the talks with the Kim regime.
One of North Korea’s most senior intelligence officials, who played a major role in building Pyongyang’s nuclear weapons program, has disappeared and is believed to have defected to France or Britain, according to sources. South Korean media identified the missing official as “Mr. Kang”, and said he is a colonel in North Korea’s State Security Department (SSD), also known as Ministry of State Security. Mr. Kang, who is in his mid-50s, enjoyed a life of privilege in North Korea, because he is related to Kang Pan-sok (1892-1932), a leading North Korean communist activist and mother to the country’s late founder, Kim Il-sung.
According to South Korean reports, Kang was in charge of North Korea’s counter-espionage operations in Russia and Southeast Asia, including China. He is also believed to have facilitated secret visits to Pyongyang by foreign nuclear scientists, who helped build North Korea’s nuclear weapons program. In recent years, Kang was reportedly based in Shenyang, the largest Chinese city near the North Korean border, which is home to a sizeable ethnic Korean population. According to reports, Kang led Unit 121, an elite North Korean hacker group based in Shenyang, with the aim of carrying out cyber-attacks without implicating North Korea. The South Korean-based DailyNK website said on Wednesday that Kang had been based at the Zhongpu International Hotel in Shenyang (until recently named Chilbosan Hotel), which has historically been operated through a joint Chinese-North Korean business venture and is known to host numerous North Korean government officials.
But according to DailyNK, Kang disappeared from Shenyang in February and is now believed to have defected, possibly “to France or Great Britain”. The Seoul-based website said Kang took “a lot of foreign currency with him” as well as “a machine capable of printing American dollars”. Following Kang’s disappearance, the government in Pyongyang launched a worldwide manhunt for him, sending at least 10 agents to assassinate him before he is given political asylum in the West, said DailyNK. Pang’s family, including his wife and children, are believed to still be in Pyongyang.
While it is reported that North Korea has released 3 Americans from a labor camp to detention at a hotel from observation and deprogramming. There is no word on full release however, there is more going on with behind the scenes and that includes this defection along with the unit this Colonel worked for while living and stationed in China.
The North Korean hackers hit the systems of the Israeli energy company to attempt to penetrate the best electronic protection systems, South Korea’s newspaper Naver reported. According to the company’s experts, the North Korean cyber actors have real capabilities to damage the infrastructure of the United States, Japan and other countries.
Last year, experts warned that the North Korean cyber army could be far more dangerous to global security than its nuclear missiles. “North Korean cyberattacks and other malicious cyber activities pose a risk to critical infrastructure in countries around the world and to the global economy,” the statement said.
Since 2011, Pyongyang has been scaling up its cyber capacities. The North Korean regime is suspected to be exploiting its cyber weapons for political purposes to intimidate its opponents as well as to steal crypto-currency.
North Korean hackers are involved in major cyber offensives
In 2013, the three largest broadcasting companies and two banking institutions of South Korea suffered a massive attack against their systems. According to Shinhan Bank and Nonghyup Bank representatives, about 32,000 computers were infected while internet banking and ATMs stopped working. While Pyongyang still denies any involvement, cybersecurity experts pointed to North Korean group Lazarus.
In August 2014, North Korea hacked the Channel 4 to prevent the production of a drama depicting the fictional story of a nuclear scientist kidnapped in the country.
However one of the most advanced attacks was the intrusion into the network of Sony Corporation in September 2014. The malware destroyed 70% of information stored in the company’s computers. According to Jim Lewis, senior fellow at the Center for Strategic and International Studies, the attack turned out to be the worst of its type on a company on U.S. soil.
North Korean hackers raise funds for regime
International sanctions forced Kim Jong-un to look for alternative and illegal sources of financing. By late 2015, the North Korean hackers shifted their attention to the global financial system, according to researchers at BAE Systems, FireEye and Symantec.
In 2016, they were about to commit the most astonishing bank robbery in history. The cybercriminals were close to stealing a billion dollars from the Federal Reserve of New York and only a misprint in the word “foundation” kept them from it.
North Korean state-backed hackers have been also accused of the WannaCry ransomware attack that affected hundreds of thousands of computers worldwide in 2017. Taking into account large amounts of stolen money, it becomes clear that despite the growing political and economic pressure Pyongyang will be able to stay afloat for long.
“Winter is coming”
According to the commander of the US forces in South Korea, General Brooks, the North Korean military forces are currently capable of carrying out the most efficient and well-prepared cyber-attacks in the world.
Robert Hannigan, former director of the Center for Government Communication of Great Britain says that as of June 2017, North Korea had 1,700 state-sponsored hackers and more than 5,000 support staff personnel. They all operate under the Main Intelligence Department of North Korean Armed Forces, known as Unit 586. The so-called Bureau 121 is the main unit conducting cyberattacks abroad. The US Department of Homeland Security refers to this structure as Hidden Cobra, while private companies gave the common name Lazarus to all North Korean hackers. But no one exactly knows how many different subdivisions the North Korea’s cyber-army has.
Earlier this year, cybersecurity firm McAfee reported that hackers have targeted organizations involved in the 2018 Pyeongchang Winter Olympics, which are set to start this week. The malicious actors attempted to obtain passwords and sensitive financial data. Speculations have risen that the North could be responsible amid anti-North Korean demonstrations in the Korean Republic and increasingly hostile rhetoric between Pyongyang and Washington.
Some analysts believe that the ongoing talks between Pyongyang and Seoul are Kim Jong-un ruse aimed to distract attention from the North Korea’s nuclear program and its malicious activities in cyberspace. But even if talks go smoothly, Pyongyang will never give up further development of its cyber weapons.
North Korea’s advanced cyber warfare capabilities could be truly scaring and risk escalating the crisis. As international bodies consider enforcing sanctions, Pyongyang continues its campaign of outright theft. Korean Olympic detente won’t last forever.
Next time when Kim Jong-Un feels trapped or insulted his cyber army will be ready to wreak havoc.