Site icon IndoUS Tribune

South Korea, US, UK issue joint advisory on North Korean cyber group activities

Seoul, July 26 – South Korea’s cybersecurity authority has issued a joint advisory with its US and UK counterparts against a North Korean cyber group’s espionage campaign, targeting classified information in defence, aerospace, nuclear and engineering sectors.

The advisory was issued by South Korea’s National Intelligence Service (NIS) and National Police Agency, the US National Security Agency, the UK’s National Cyber Security Centre and other related authorities, according to the National Cyber Security Center under the NIS.

The authorities said the cyber group under the North’s Reconnaissance General Bureau, widely known as Andariel, has been targeting defence, aerospace, nuclear and engineering entities worldwide to obtain sensitive and classified technical information and intellectual property, Xinhua news agency reported.

This information is used to advance North Korea’s military and nuclear capabilities, they added.

“The authoring agencies assess the group has evolved from conducting destructive attacks targeting US and South Korean organisations to conducting specialised cyber espionage and ransomware operations,” the advisory read.

Andariel exploits web servers, through software vulnerabilities, to deploy web shells, gain access and then conduct malware and phishing attacks to extort information, the authorities explained.

The advisory recommends critical infrastructure organisations strengthen their monitoring efforts and enhance their cyber protection systems.

Additionally, they noted that Andariel actors also fund their espionage activities through ransomware attacks on US healthcare entities.

On Thursday (US time), the US State Department announced a reward of up to US$10 million for information on Rim Jong-hyuk, a North Korean national known to be associated with Andariel, accusing him of targeting America’s critical infrastructure, including hospitals, government entities and defence contractors.

US law enforcement investigators have documented that Andariel actors victimised five healthcare providers, four US-based defence contractors, two US Air Force bases and the National Aeronautics and Space Administration, according to the department.

Last year, Andariel was also found to have stolen digital data containing key technologies from South Korean defence firms and pocketed 470 million won (US$339,154) worth of digital coins via ransomware attacks on other firms.

Exit mobile version