Britain, the United States, and South Korea on Thursday issued a warning over a North Korea-backed global cyber espionage campaign to further the country’s nuclear ambitions.
Law enforcement and intelligence agencies said that a group known as Andariel “has been compromising organizations around the world to steal sensitive and classified technical information and intellectual property data.”
Andariel has been identified as an arm of Pyongyang’s spy agency, and working “to further the regime’s military and nuclear ambitions,” the UK National Cyber Security Centre (NCSC) said.
Defense, aerospace, nuclear, and engineering organizations have mainly been targeted, as well as medical and energy providers, some of which have been hit by ransomware attacks.
“The global cyber espionage operation that we have exposed today shows the lengths that DPRK-state-sponsored actors are willing to go to pursue their military and nuclear programs,” said NCSC director of operations Paul Chichester, referring to the secretive communist state.
“It should remind critical infrastructure operators of the importance of protecting the sensitive information and intellectual property they hold on their systems to prevent theft and misuse.”
In a separate advisory, the US Federal Bureau of Investigation said Andariel, which is known by a variety of names, “remain(s) an ongoing threat to various industry sectors worldwide.”
The group has exploited vulnerabilities in software to launch cyberattacks, including malware and phishing to gain access to sensitive data and information.
It urged companies involved in defense, aerospace, nuclear, and engineering sectors “to remain vigilant in defending their networks from North Korea-state-sponsored cyber operations.”
North Korean Indicted in US
The FBI said Andariel had been trying to obtain information such as specifications and design drawings for uranium processing and enrichment as well as missiles and missile defense systems.
The US Justice Department announced the indictment meanwhile of a North Korean national, Rim Jong Hyok, alleged to be a member of the Andariel hacking group.
Rim was indicted by a grand jury in Kansas for alleged extortion attacks on US hospitals and other health care providers, the department said in a statement.
“North Korean hackers developed custom tools to target and extort US health care providers and used their ill-gotten gains to fund a spree of hacks into government, technology, and defense entities worldwide, all while laundering money through China,” Assistant Attorney General Matthew Olsen said.
The State Department announced a reward of up to $10 million for information leading to the apprehension of Rim.