The National Cyber Security Centre (NCSC) in the UK and partner agencies in the Republic of Korea and the US have warned of a state-sponsored North Korean hacking campaign targeting “classified technical information”.
According to the NCSC, the Andariel threat group – alongside APTs such as Kimsuky and Lazarus – is largely attempting to acquire, via cyber espionage, intellectual property and technical information regarding nuclear operations and is linked to the DPRK’s Reconnaissance General Bureau, 3rd Bureau.
The group’s targets are largely “defence, aerospace, nuclear and engineering entities”, though Andariel has been seen to go after entities in the medical and energy sectors. Andariel has also been known to launch ransomware attacks in order to fund further cyber operations, though it has evolved away from simply “destructive” attacks on South Korean and US targets in favour of “specialised cyber espionage”.
Read the rest of the story at cyberdaily.