North Korean hackers are trying to steal nuclear secrets – US, UK warn
Britain, the United States and South Korea have warned that North Korean hackers are trying to steal nuclear and military secrets from governments and private companies around the world.
They said the group – known as Andariel and Onyx Sleet – was targeting defense, aerospace, nuclear and engineering entities to collect classified information, with the aim of advancing Pyongyang’s military and nuclear programs and ambitions.
The group sought information in a wide range of areas – from uranium processing to tanks, submarines and torpedoes – and targeted the UK, the US, South Korea, Japan, India and elsewhere.
US air bases, NASA and defense companies are believed to have been targeted.
The notable warning about this particular group appears to be a sign that its combination of espionage and money-making is causing concern among officials because of the impact on both sensitive technology and everyday life.
The United States says the group funds espionage through ransomware operations targeting U.S. health care organizations.
Paul Chichester, chief executive of the UK’s National Cyber Security Centre (NCSC), part of GCHQ, said: “The global cyber espionage activity we have uncovered today shows that North Korean state-sponsored actors are willing to go to any lengths to pursue their military and nuclear programmes.
“This should remind critical infrastructure operators of the importance of protecting the sensitive information and intellectual property they hold on their systems to prevent theft and misuse.”
The NCSC assesses that Andariel is part of the 3rd Department, Reconnaissance General Bureau (RGB) of North Korea.
A joint alert issued by the United States, Britain and South Korea shares advice on how to protect against the North Korean hackers, and says the group is also looking for information on robotic machines, mechanical arms and 3D printed components.
“This indictment shows that North Korean threat groups also pose a serious threat to the daily lives of people and cannot be ignored or taken lightly,” said Michael Barnhart, Mandiant Principal Analyst at Google Cloud.
“Their targeting of hospitals to generate revenue and fund their operations demonstrates their relentless focus on fulfilling their priority mission of intelligence gathering, regardless of the potential consequences they may have on human life.”
This is just the latest in a series of warnings about North Korean hackers over the years.
Some of the most serious cyberattacks have been linked to the country, including the 2014 attack on Sony Pictures in retaliation for a Hollywood comedy depicting the assassination of North Korean leader Kim Jong Un.
North Korea is also known for the activities of the Lazarus Group, which has committed major thefts amounting to millions of dollars.