The US, UK, and South Korea have issued an advisory about the Andariel group
Intelligence agencies from the UK, US, and South Korea have jointly warned that a North Korean hacking group, Andariel, has been targeting organizations worldwide to steal sensitive and classified information.
The National Cyber Security Centre (NCSC), part of the British GCHQ intelligence agency, issued the warning on Thursday, alongside the FBI, NSA, and Pentagon in the US, as well as South Korea’s national intelligence and police agencies.
“The global cyber espionage operation that we have exposed today shows the lengths that DPRK state-sponsored actors are willing to go to pursue their military and nuclear programs,” NCSC director of operations Paul Chichester said in a statement.
According to the advisory, Andariel has targeted defense, aerospace, nuclear, and engineering agencies in South Korea, the UK, and the US. The group has also allegedly hacked hospitals and healthcare organizations in the US to extort money to fund further espionage.
The US Department of State has offered a reward of up to $10 million for information leading to the arrest of Rim Jong Hyok, who is allegedly associated with Andariel. The US government believes Andariel has targeted five American healthcare providers, four military contractors, two US Air Force bases, and the NASA Office of Inspector General (OIG).
The NCSC believes that Andariel is part of the third directorate of North Korea’s Reconnaissance General Bureau and poses “an ongoing threat” to critical infrastructure globally.
Andariel was previously identified by Kaspersky and South Korea’s Financial Security Institute (FSI). At the time, they described the group as focused on attacking South Korean businesses and government agencies and as mainly interested in profit.