The UK, US and South Korea have accused a North Korean-backed cyber group of running an online espionage campaign to steal military and nuclear secrets.
The “Andariel” group has compromised organizations around the world while trying to obtain sensitive and confidential technical information and intellectual property data, according to the United Kingdom’s National Cyber Security Center (NCSC).
The center, along with the FBI in the US and South Korea’s national intelligence service, issued a joint warning and advisory note on Andariel’s actions.
They urged critical infrastructure organizations to “remain vigilant” against cyber operations.
North Korea is a secretive and authoritarian state, officially known as the Democratic People’s Republic of Korea (DPRK), and is led by supreme leader Kim Jong Un.
NCSC Chief Operating Officer Paul Chichester said: “The global cyber espionage operation we have exposed today shows the lengths to which DPRK state-sponsored actors are willing to go to pursue their military and nuclear programs.”
Andariel is part of the 3rd office of the DPRK’s Reconnaissance General Bureau (RGB), and the group’s malicious cyber activities pose an ongoing threat to critical infrastructure organizations around the world, the agency believes.
What was the group’s target?
The group primarily targeted defense, aerospace, nuclear and engineering organizations, but also acted against the medical and energy sectors, according to the NCSC, which is part of the GCHQ intelligence agency.
Andariel attempted to obtain information such as contract specifications, drawings and project details, the agency said.
As part of its operations, Andariel also launched ransomware attacks against US healthcare organizations in order to extort payments and fund further espionage activities.
The statement describes how Andariel evolved from destructive hacks against US and South Korean organizations to carrying out specialized cyber espionage and ransomware attacks.
Hackers carried out ransomware attacks and cyber espionage operations on the same day against the same victim in some cases.
Keep up with the latest news from the UK and around the world by following Sky News
‘The importance of protecting confidential information’
Chichester said: “Critical infrastructure operators must be reminded of the importance of protecting the sensitive information and intellectual property they hold on their systems to prevent theft and misuse.
“The NCSC, along with our U.S. and Korean partners, strongly encourages network defenders to follow the guidance set forth in this advisory to ensure they have strong protections in place to prevent this malicious activity.”
This story originally appeared on News.sky.com read the full story
