A hacker group backed by the King Jong Un-led North Korean state has today been accused of trying to steal military and nuclear secrets by the UK, US and South Korea.
The UK’s National Cyber Security Centre, along with several policing, security and intelligence agencies from the US and South Korea, accused the Andariel group of stealing sensitive and classified information from around the globe.
Andariel, also known as Onyx Sleet, and formerly known as PLUTONIUM, DarkSeoul, Silent Chollima, and Stonefly/Clasiopa, primarily targeted defence, aerospace, nuclear and engineering organisations, but also hacked the medical and energy sectors.
The group has attempted to obtain information such as contract specification, design drawings and project details, and launched ransomware attacks against American healthcare organisations in order to extort payments and fund further espionage activity, the NCSC said.
The NCSC believes that Andariel is a part of North Korea’s reconnaissance general bureau (RGB) 3rd bureau, and the group’s malicious cyber activities pose an ongoing threat to critical infrastructure organisations globally.
A joint advisory put out by the government agencies claimed that the hacker group was searching for information on tanks, howitzers, combat ships, submarines, drones, fighter jets, missile defence systems, nuclear research facilities, and ship building engineering, among many targets.
Specifically, hackers searched for design drawings and engineering documents, as well as contract specifications and bills of materials used.
They did this by attempting to maliciously upload code to targets that would’ve allowed them to execute commands, log keystrokes and take screenshots, as well as opening file directories.
NCSC’s director of operations Paul Chichester said: ‘The global cyber espionage operation that we have exposed today shows the lengths that DPRK (Democratic People’s Republic of Korea) state-sponsored actors are willing to go to pursue their military and nuclear programmes.’
He added: ‘It should remind critical infrastructure operators of the importance of protecting the sensitive information and intellectual property they hold on their systems to prevent theft and misuse.
‘The NCSC, alongside our US and Korean partners, strongly encourage network defenders to follow the guidance set out in this advisory to ensure they have strong protections in place to prevent this malicious activity.’
The advisory outlined how Andariel has evolved from destructive hacks against US and South Korea organisations to carrying out specialised cyber espionage and ransomware attacks.
In some cases, the hackers carried out both ransomware attacks and cyber espionage operations on the same day against the same victim.
Last year, the NCSC issued an unprecedented joint advisory with the South Korean National Intelligence Service about a surge in attacks by North Korean hackers.
The joint advisory, which was the first of its kind, came during the state visit to the UK by South Korean President Yoon Suk Yeol.