
Most Wanted – North Korean Hackers

The United States, South Korea and the United Kingdom have accused a North Korean-backed cyber group of conducting an online espionage campaign to steal military and nuclear secrets. The Andariel group is compromising organizations around the world in an attempt to steal top-secret technical information and intellectual property data, according to the U.K. National Cyber Security Centre (NCSC).

Andariel’s campaigns aim to “advance the regime’s military and nuclear ambitions.” Now the US has placed a $10 million bounty on a North Korean citizen linked to Andariel. He is accused of attacking healthcare systems with ransomware and also hacked into NASA and the US Air Force.

The NCSC, the US FBI, and South Korean intelligence agencies issued a joint warning and advisory note regarding Andariel’s activities.

They urged critical infrastructure organizations to “remain vigilant” in the face of such cyber operations. “The U.S. Department of State’s Rewards for Justice program, administered by the Diplomatic Security Service, offers a reward of up to $10 million for information leading to the identification or location of any individual who, acting at the direction or under the control of a foreign government, engages in certain malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act,” the U.S. Department of State says.

Andariel focuses on pursuing defense contractors, military organizations, and governments for the purpose of espionage.
The group has expanded into other sectors over time, focusing on nuclear weapons intelligence and, especially during the pandemic, on life sciences and pharmaceutical organizations, according to research by cybersecurity firm Secureworks.

The reward is for information that could lead to the identification or location of Rim Jong Hyok, who is “associated with the malicious cyber group known as Andariel,” according to the U.S. State Department.

That same day, the FBI issued an arrest warrant for Rim after a Kansas court issued a federal warrant for his arrest on July 24 on charges of conspiracy to commit computer hacking and conspiracy to commit promotion money laundering.

Rim is a member of the Andariel unit, which operates on behalf of the North Korean military intelligence agency, the Reconnaissance General Bureau, according to an FBI complaint.

According to NCSC Chief Operating Officer Paul Chichester, “The global cyber espionage operation we uncovered today shows the lengths to which North Korean state-sponsored actors are willing to go to advance their military and nuclear programs.”

According to the NCSC, Andariel is likely a unit of the 3rd Bureau of the North Korean military’s Reconnaissance General Bureau (RGB), and the group’s malicious cyber activity poses an ongoing threat to critical infrastructure organizations around the world.

The group primarily targeted defense, aerospace, nuclear, and engineering organizations, but also targeted medical and energy sectors. In particular, Andariel sought to obtain information including contract specifications, design drawings, and other classified project details.

US Department of State | NCSC | CISA | Secureworks | Sky | NKNews | FBI | Yahoo

Photo: FBI
