North Korea-backed group 'in cyber campaign to steal military and nuclear secrets'



The UK, US and South Korea have accused a North Korea-backed cyber group of carrying out an online espionage campaign to steal military and nuclear secrets.

The "Andariel" group has been compromising organisations around the globe as it attempts to get hold of sensitive and classified technical information and intellectual property data, according to the UK's National Cyber Security Centre (NCSC).

The centre, along with the FBI in the US and South Korea's national intelligence service, has issued a joint warning and advisory note about Andariel's actions.

They have urged critical infrastructure organisations to "stay vigilant" against the cyber operations.

North Korea is a secretive and authoritarian state, which is officially known as the Democratic People's Republic of Korea (DPRK), and is headed by supreme leader Kim Jong Un.

NCSC director of operations Paul Chichester said: "The global cyber espionage operation that we have exposed today shows the lengths that DPRK state-sponsored actors are willing to go to pursue their military and nuclear programmes."

Andariel is part of DPRK's Reconnaissance General Bureau (RGB) 3rd bureau, and the group's malicious cyber activities pose an ongoing threat to critical infrastructure organisations globally, the agency believes.


What did the group target?

The group primarily targeted defence, aerospace, nuclear and engineering organisations, but also acted against the medical and energy sectors, according to the NCSC, which is part of the GCHQ intelligence agency.

Andariel has tried to obtain information such as contract specification, design drawings and project details, the NCSC claimed.


Image: North Korea's leader Kim Jong Un. Pic: Reuters

As part of its operations, Andariel also launched ransomware attacks against US healthcare organisations in order to extort payments and fund further espionage activity.

The advisory outlines how Andariel has evolved from destructive hacks against US and South Korean organisations to carrying out specialised cyber espionage and ransomware attacks.


The hackers carried out ransomware attacks and cyber espionage operations on the same day against the same victim in some cases.

'The importance of protecting sensitive information'

Mr Chichester added: "It should remind critical infrastructure operators of the importance of protecting the sensitive information and intellectual property they hold on their systems to prevent theft and misuse.

"The NCSC, alongside our US and Korean partners, strongly encourage network defenders to follow the guidance set out in this advisory to ensure they have strong protections in place to prevent this malicious activity."
