Thursday, November 14

North Korean hackers trying to steal nuclear and military secrets, US and UK say

North Korean hackers are attempting to steal nuclear and military secrets from governments and private companies around the world, Britain, the United States and South Korea have warned.

They say the group — known by the names Andariel, Onyx Sleet and DarkSeoul, among others — is targeting defense, aerospace, nuclear and engineering entities to obtain classified information, with the goal of advancing Pyongyang’s military and nuclear programs and ambitions.

The group has been seeking information across a wide range of sectors, from uranium processing to tanks, submarines and torpedoes, and has targeted the UK, the US, South Korea, Japan, India and other countries, according to BBC security correspondent Gordon Corera.

It is suspected of having attacked US air bases, NASA and defence companies.

The high-profile warning about this particular group appears to be a sign that their activity, which combines espionage and profit, is of concern to authorities because of its impact on both sensitive technology and everyday life.

The United States says the group finances its espionage activities through ransomware (data hijacking) operations against healthcare institutions in the country.

To date, five healthcare providers, four US-based defense contractors, two US Air Force bases and the National Aeronautics and Space Administration’s Office of Inspector General have been targeted by the group.

The US government has, in fact, offered a US$10 million reward for information that helps identify people who carry out cyberattacks against the country on the orders of a foreign government, in particular members of Andariel and, specifically, one person: Rim Jong Hyok.

Rim has been indicted by the U.S. Department of Justice for his alleged involvement in a scheme to hack into the computer systems of U.S. hospitals and extort ransom money.

According to Paul Chichester, director of operations at the UK’s National Cyber Security Centre (NCSC), “The global cyber espionage operation we have uncovered demonstrates the lengths to which North Korean-sponsored actors are prepared to go to pursue their military and nuclear programmes.”

“I should remind operators of essential infrastructure of the importance of protecting the sensitive information and intellectual property that they keep in their systems to prevent theft and misuse.”

The NCSC assesses Andariel to be part of North Korea’s 3rd Bureau of the Reconnaissance General Bureau (RGB).

According to the US, this bureau is linked not only to Pyongyang’s malicious cyber activities, but also to the illicit arms trade.

Andariel has moved from carrying out disruptive attacks against organizations in the United States and South Korea to carrying out specialized cyber espionage and ransomware attacks.

In some cases, the group has been observed launching ransomware attacks and espionage operations on the same day and against the same victim.

Getty Images: The release of the film “The Interview,” a comedy about an alleged CIA plot to assassinate the North Korean leader, sparked a cyberattack against the production company Sony Pictures.

“Threat to everyday life”

The joint warning issued by the US, UK and South Korea includes advice to help organizations defend themselves against the North Korean actors, who it says have also been looking for information on robotic machinery, mechanical arms and 3D printing components.

“This report highlights that North Korean criminal groups also pose a serious threat to the daily lives of citizens and cannot be ignored or neglected,” said Michael Barnhart, principal analyst at Mandiant at Google Cloud.

“Their attacks on hospitals to generate revenue and fund their operations demonstrate a relentless interest in fulfilling their priority mission of gathering intelligence, regardless of the potential consequences this may have on human lives.”

According to the US State Department, Rim Jong Hyok and others managed to hack into the computer systems of American hospitals and other healthcare providers, installing a malicious program known as “Maui”, after which they demanded ransoms.

The attacks encrypted victims’ computers and servers, which were used to store medical evidence or medical records, and disrupted healthcare services.

With the money received from ransom payments, the cybercriminals financed other malicious cyber operations targeting U.S. government entities and defense contractors, among others.

In one of their operations, which began in November 2022, the hackers breached a defense contractor and managed to extract more than 30 gigabytes of data, including unclassified technical information about equipment used in military aircraft and satellites, much of it dated to 2010 or earlier.

This is just the latest in a series of warnings about North Korean hacking issued in recent years.

Some of the most high-profile cyber incidents have been linked to the country, such as the 2014 attack on Sony Pictures in retaliation for a Hollywood comedy film depicting the assassination of North Korean leader Kim Jong Un.

This attack was carried out by the Lazarus Group, another of these North Korean hacker gangs, which has stolen millions of dollars over the years.

One of its victims in 2016 was the Austro Bank in Ecuador, from which US$12 million was stolen.

That same year, it attempted to steal US$1 billion from Bangladesh Bank, although all but one transfer of US$81 million was stopped.
