The United Kingdom, the United States and South Korea have accused a North Korean-backed cyber group of spying online to obtain military and nuclear secrets. Sky News.
According to the UK's National Cyber Security Centre (NCSC), a group called “Andariel” is threatening numerous organizations around the world as they attempt to access sensitive and confidential technical information.
The center, along with the U.S. Federal Bureau of Investigation and South Korea’s National Intelligence Service, issued a joint warning and guidance regarding Andaril’s actions. They urged critical infrastructure organizations to “remain vigilant” against such cyber operations.
The US government also offered a reward for his capture.
The U.S. government is offering a reward of up to $10 million to anyone with useful information to help find members of “malicious cyber groups targeting the United States on behalf of foreign governments.” In fact, Andariel focuses on espionage targets against defense contractors, military organizations, and governments.
The U.S. State Department’s Rewards for Justice program is primarily looking for North Korean national Rim Jong Hyok, who is linked to a network called Andariel that has been active since approximately 2009. The reward is being offered to anyone who can help identify or locate Rim or any other actor found to be targeting the United States with cyber activities.
Over time, the group has spread to other sectors, targeting information related to nuclear weapons and, especially during the pandemic, organizations working in the life sciences and pharmaceutical industries, according to research by cybersecurity firm Secureworks.
The UK Cyber Security Centre said Kim Jong Un and North Korea carried out the campaign “to advance the regime’s military and nuclear ambitions”. The group primarily targeted defence, aerospace, nuclear and engineering firms, but also attacked the medical and energy sectors. The characters are North Korean government employees working for the country’s intelligence agency.
They attack with ransomware.
The group carries out so-called ransomware attacks, where hackers attack a system or obtain information and demand a certain amount of money from its owner in exchange for its release.
But as part of its operations, Andariel has also launched ransomware attacks against U.S. healthcare organizations in order to use the payments to fund further espionage. Among them, in a computer hack that began in November 2022, the group breached a U.S. defense contractor, extracting more than 30 gigabytes of data, including technical information about materials used in military aircraft and satellites.
