A North Korea-linked group has carried out a global cyber espionage operation in pursuit of the Pyongyang regimes military and nuclear ambitions, the National Cyber Security Centre said.
The GCHQ affiliate revealed on Thursday how a North Korean cyber group known as Andariel has been compromising organisations around the world to steal sensitive and classified technical information and intellectual property data.
The cyber actors have primarily targeted defence, aerospace, nuclear and engineering entities, and organisations in the medical and energy sectors to a lesser extent.
The North Koreans are trying obtain information such as contract specification, design drawings and project details.
As part of its operations, Andariel has also launched ransomware attacks against US healthcare organisations in order to extort payments and fund further espionage activity.
Andariel has evolved its operations from conducting destructive attacks targeting US and South Korea organisations to conducting specialised cyber espionage and ransomware attacks.
In some cases the actors have even been observed launching ransomware attacks and espionage operations on the same day and leveraging both activities against the same victim.
Paul Chichester, NCSC Director of Operations, said: “The global cyber espionage operation that we have exposed today shows the lengths that DPRK state-sponsored actors are willing to go to pursue their military and nuclear programmes.
“It should remind critical infrastructure operators of the importance of protecting the sensitive information and intellectual property they hold on their systems to prevent theft and misuse.
“The NCSC, alongside our US and Korean partners, strongly encourage network defenders to follow the guidance set out in this advisory to ensure they have strong protections in place to prevent this malicious activity.”
Discussion about this post