North Korean hackers are attempting to steal nuclear and military secrets from governments and private companies around the world, the UK, US and South Korea have warned.
They say the group – known by the names Andariel and Onyx Sleet – is targeting defence, aerospace, nuclear and engineering entities to obtain classified information, with the aim of advancing Pyongyang’s military and nuclear programmes and ambitions.
The group has been seeking information in a wide range of areas – from uranium processing to tanks, submarines and torpedoes – and has targeted the UK, US, South Korea, Japan, India and elsewhere.
US air force bases, Nasa and defence companies are said to have been targeted.
The high-profile warning about this specific group appears to be a sign that its work combining espionage and money-making activity is worrying officials because of its impact both on sensitive technology and everyday life.
The US says the group funds its espionage activity through ransomware operations against US healthcare entities.
Paul Chichester, director of operations for the UK’s National Cyber Security Centre (NCSC), an arm of GCHQ, said: “The global cyber espionage operation that we have exposed today shows the lengths that DPRK state-sponsored actors are willing to go to pursue their military and nuclear programmes.
“It should remind critical infrastructure operators of the importance of protecting the sensitive information and intellectual property they hold on their systems to prevent theft and misuse.”
The NCSC assesses that Andariel is a part of North Korea’s Reconnaissance General Bureau (RGB) 3rd Bureau.
The joint warning issued by the US, UK and South Korea shares advice to help defend against North Korean actors, which it says have also been seeking information on robot machinery, mechanical arms, and 3D printing components.
“This indictment showcases that North Korean threat groups also pose a serious threat to citizens’ everyday lives and can’t be ignored or disregarded,” Michael Barnhart, Mandiant Principal Analyst at Google Cloud, said.
“Their targeting of hospitals to generate revenue and fund their operations demonstrates a relentless focus on fulfilling their priority mission of intelligence gathering, regardless of the potential consequences it may have on human lives.”
This is just the latest in a series of warnings about North Korean hackers over the years.
Some of the most high-profile cyber incidents have been linked to the country, including an attack on Sony Pictures in 2014 in retaliation for a Hollywood comedy film that depicted the assassination of North Korean leader Kim Jong Un.
North Korea is also known for the activities of Lazarus Group, which has carried out major thefts of millions of dollars.