
North Korean hackers really want the West’s nuclear secrets

The UK’s National Cyber Security Centre has warned of the ongoing espionage activities of the Andariel threat group.

David Hollingworth
Mon, 29 Jul 2024

The National Cyber Security Centre (NCSC) in the UK and partner agencies in the Republic of Korea and the US have warned of a state-sponsored North Korean hacking campaign targeting “classified technical information”.

According to the NCSC, the Andariel threat group – alongside APTs such as Kimsuky and Lazarus – is largely attempting to acquire, via cyber espionage, intellectual property and technical information regarding nuclear operations and is linked to the DPRK’s Reconnaissance General Bureau, 3rd Bureau.

The group’s targets are largely “defence, aerospace, nuclear and engineering entities”, though Andariel has been seen to go after entities in the medical and energy sectors. Andariel has also been known to launch ransomware attacks in order to fund further cyber operations, though it has evolved away from simply “destructive” attacks on South Korean and US targets in favour of “specialised cyber espionage”.


“The global cyber espionage operation that we have exposed today shows the lengths that DPRK state-sponsored actors are willing to go to pursue their military and nuclear programmes,” Paul Chichester, NCSC director of operations, said in a statement late last week.

“It should remind critical infrastructure operators of the importance of protecting the sensitive information and intellectual property they hold on their systems to prevent theft and misuse.

“The NCSC, alongside our US and Korean partners, strongly encourage network defenders to follow the guidance set out in this advisory to ensure they have strong protections in place to prevent this malicious activity.”

Adam Maruyama, field chief technical officer at Garrison Technology and a former strategist at the National Counterterrorism Center in the US, observed that Andariel’s activity shows the complex interactions between hacking groups and North Korean authorities.

“Recent warnings by the US, UK, and South Korean governments about North Korea-sponsored cyber actor Andariel demonstrate, above all, the labyrinthine interconnections between cyber crime, cyber espionage, and warfare in both the physical and cyber domains. After Chinese cyber actor Volt Typhoon infiltrated privately operated US critical infrastructure, Andariel’s attacks against hospitals and other private entities to raise money for the rest of their activities represent an even further broadening of nefarious actors’ target sets, underscoring that any organisation, governmental or otherwise, may be a target for nation state-sponsored hackers,” Maruyama said.

“As a society, it’s critical that we view cyber security not only as a technical security risk but also as a risk to business, our way of life, and – particularly in the world of healthcare and critical infrastructure – actual human lives. Although Andariel currently seems to be using mostly known vulnerabilities to attack its targets, organisations should still rethink their cyber infrastructure and find ways to decrease their attack surfaces rather than relying on detection and response technologies to defeat potential intrusion once attackers are on corporate systems. Technologies like hardware-enforced security and attack surface management can go a long way to decrease the number of opportunities adversaries have to penetrate organisations’ systems.”

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
