North Korean hackers trying to steal military secrets, cybersecurity agencies warn
The National Cyber Security Centre (NCSC) and partners in the United States and the Republic of Korea have exposed a global cyber espionage campaign carried out by state-sponsored threat actors from North Korea.
The hacking group is called Andariel, and its goal is to steal sensitive and classified technical information and intellectual property data from Western countries, including military and nuclear secrets.
The British NCSC assesses that the group’s cyber activities pose an ongoing threat to organizations and institutions in critical infrastructure globally. For example, Andariel has launched ransomware attacks against the U.S. healthcare sector, an American defense company, and NASA's space agency to extort payments and facilitate its espionage activities.
“The cyber actors have primarily targeted defense, aerospace, nuclear and engineering entities, and organizations in the medical and energy sectors to a lesser extent, in order to obtain information such as contract specification, design drawings, and project details,” the NCSC says in a statement.
The cybersecurity agencies have published an advisory that shares technical details and mitigation advice to help organizations protect themselves against digital attacks from Andariel. Among other things, it discusses known vulnerabilities that the hacking group has exploited in the past to infiltrate a victim’s systems and what malware and other tools the threat actor uses to exfiltrate sensitive data.
“The NCSC, alongside our US and Korean partners, strongly encourage network defenders to follow the guidance set out in this advisory to ensure they have strong protections in place to prevent this malicious activity,” NCSC Director of Operations Paul Chichester points out.
According to the US Department of Justice, Rim Jong Hyok, a North Korean national, is a member of Andariel and has engaged in malicious cyber activities against critical infrastructure. The ransom they obtained was used to fund further malicious cyber operations.
Rim Jong Hyok is wanted for conspiracy to commit computer hacking and money laundering. The Department has issued a federal arrest warrant for him.