North Korea's intelligence agency Reconnaissance General Bureau has a special cell called Unit 180 and it could be behind some of the most successful cyberattacks, security experts have claimed.
Kim Heung-kwang, a former computer science professor in North Korea told Reuters the cyberattacks by North Korea were said to be organised by Unit 180. The attacks were aimed at raising money.
"Unit 180 is engaged in hacking financial institutions (by) breaching and withdrawing money out of bank accounts," said Kim.
"The hackers go overseas to find somewhere with better internet services than North Korea so as not to leave a trace," Kim added. He said the hackers might have gone as employees of trading firms, overseas branches of North Korean companies, joint venture in China or Southeast Asia.
James Lewis, an expert at Center for Strategic and International Studies, told Reuters said Pyongyang used hacking for espionage and then political harassment against South Korea and US.
"They changed after Sony by using hacking to support criminal activities to generate hard currency for the regime," he said.
"So far, it's worked as well or better as drugs, counterfeiting, smuggling – all their usual tricks," added Lewis.
The US Department of Defense in a report submitted to Congress said North Korea likely "views cyber as a cost-effective, asymmetric, deniable tool that it can employ with little risk from reprisal attacks, in part because its networks are largely separated from the Internet."
The report further notes, "It is likely to use Internet infrastructure from third-party nations."
The officials from South Korea claim they have considerable evidence of North Korea's cyberattacks.
"North Korea is carrying out cyber attacks through third countries to cover up the origin of the attacks and using their information and communication technology infrastructure," Ahn Chong-ghee, South Korea's vice foreign minister told Reuters.
Last June police said North Korea hacked into more than 140,000 computers at 160 South Korean companies and government agencies, planting malicious code as a part of long-term plan to lay the groundwork for a massive cyber attack on its rival.
Malaysian is "the base" for cyberattacks
Yoo Dong-ryul, a former South Korean police researcher said Malaysia has been a base for North Korean cyber operations.
An investigation by Reuters suggests two Malaysian tech companies have links to North Korea's RGB spy agency.
Michael Madden, an expert on the North Korean leadership, said Unit 180 was one among several elite cyber warfare groups in North Korean intelligence community.
North Korea's link with WannaCry ransomware
Security researchers have found link between North Korea and wannaCry ransomware that infected more than 300,000 computers in 150 countries.
In response to Pyongyang involvement in the global ransomware attack, North Korea's Deputy United Nations Ambassador Kim In Ryong said, "Relating to the cyber attack, linking to the DPRK, it is ridiculous."
"Whenever something strange happens, it is the stereotype way of the United States and the hostile forces that kick off noisy anti-DPRK campaign deliberately linking with DPRK," added Kim.