The UK, US and South Korea have accused a North Korea-backed cyber group of carrying out an online espionage campaign to steal military and nuclear secrets.
The “Andariel” group has been compromising organisations around the globe as it attempts to get hold of sensitive and classified technical information and intellectual property data, according to the UK’s National Cyber Security Centre (NCSC).
The centre, along with the FBI in the US and South Korea’s national intelligence service, has issued a joint warning and advisory note about Andariel’s actions.
They have urged critical infrastructure organisations to “stay vigilant” against the cyber operations.
North Korea is a secretive and authoritarian state, which is officially known as the Democratic People’s Republic of Korea (DPRK), and is headed by supreme leader Kim Jong Un.
NCSC director of operations Paul Chichester said: “The global cyber espionage operation that we have exposed today shows the lengths that DPRK state-sponsored actors are willing to go to pursue their military and nuclear programmes.”
Andariel is part of DPRK’s Reconnaissance General Bureau (RGB) 3rd bureau, and the group’s malicious cyber activities pose an ongoing threat to critical infrastructure organisations globally, the agency believes.
What did the group target?
The group primarily targeted defence, aerospace, nuclear and engineering organisations, but also acted against the medical and energy sectors, according to the NCSC, which is part of the GCHQ intelligence agency.
Andariel has tried to obtain information such as contract specification, design drawings and project details, the NCSC claimed.
As part of its operations, Andariel also launched ransomware attacks against US healthcare organisations in order to extort payments and fund further espionage activity.
The advisory outlines how Andariel has evolved from destructive hacks against US and South Korean organisations to carrying out specialised cyber espionage and ransomware attacks.
The hackers carried out ransomware attacks and cyber espionage operations on the same day against the same victim in some cases.
‘The importance of protecting sensitive information’
Mr Chichester added: “It should remind critical infrastructure operators of the importance of protecting the sensitive information and intellectual property they hold on their systems to prevent theft and misuse.
“The NCSC, alongside our US and Korean partners, strongly encourage network defenders to follow the guidance set out in this advisory to ensure they have strong protections in place to prevent this malicious activity.”