State-sponsored hackers from North Korea have initiated an operation to acquire sensitive information regarding nuclear materials, military drones, submarines, and shipbuilding from the United States and Britain. Intelligence agencies have raised alarm about a “global cyber espionage campaign” targeting critical sectors.
A joint notice from the US, UK, and South Korea highlighted that North Korea is utilizing state-sponsored actors to advance its military and nuclear objectives, with Japan and India also on their radar.
These hackers, part of a group known as Andariel, are focusing on military secrets and intellectual property in industries such as nuclear, defense, aerospace, and engineering. They are also attempting to obtain sensitive data from the medical and energy sectors.
Paul Chichester, operations director at the National Cyber Security Centre (NCSC), expressed concern over the extensive cyber espionage campaign orchestrated by North Korean forces in pursuit of their military and nuclear programs.
The NCSC revealed that Andariel has successfully breached organizations worldwide and stolen sensitive technical and intellectual property data.
The NCSC believes Andariel is connected to North Korea’s Reconnaissance General Bureau (RGB) and poses a constant threat to critical infrastructure organizations globally.
According to intelligence agencies, Andariel funds its espionage operations through ransomware attacks on the US healthcare sector, using publicly available internet scanning tools to identify vulnerable systems.
Chichester emphasized the need to safeguard sensitive information and intellectual property stored on systems against theft or misuse, and urged network defenders to follow the advisory guidelines to prevent malicious activities.
The advisory details how Andariel has transitioned from destructive hacks to conducting professional cyber espionage and ransomware attacks, sometimes targeting the same victims on the same day.
The US State Department has announced a reward for information on Lim Jeong-hyok, an alleged Andariel ally involved in ransomware attacks to fund operations against government agencies and defense companies.
North Korea’s cyber army has been linked to various cyber attacks, including the notorious WannaCry ransomworm in 2017. The attack aimed to obtain valuable information for North Korea and generate revenue for the state through illegal means.
Source: www.theguardian.com