North Korean Indicted for Cyber Spying, Ransomware Attacks on Hospitals



The US is raising alarm bells about a North Korean hacking group that broke into NASA, two US Air Force bases, and several defense companies. The FBI, NSA and State Department on Thursday called out the North Korean hacking group “Andariel” for committing cyberespionage and using ransomware attacks on US hospitals to fund its operations. The US indicted one of the alleged members of the group, a North Korean named Rim Jong Hyok. The State Department also issued a $10 million reward for information on Hyok’s location or the identity of other Andariel members.

(Credit: FBI)

The US and security researchers say Andariel operates as a subgroup of Lazarus, North Korea’s most notorious hacking outfit, best known for carrying out the Sony Pictures hack in 2014 and launching the WannaCry ransomware outbreak in 2017. Lazarus has potentially stolen billions from banks and cryptocurrency exchanges, allegedly to fund the North Korean government. Andariel stands out for conducting cyberespionage, including targeting companies and organizations in the defense, aerospace, and nuclear sectors, the US says. According to the indictment, the group stole data from NASA, four US defense contractors, and two US Air Force bases in 2022. “In one computer intrusion operation that began in November 2022, the malicious cyber actors hacked a US-based defense contractor from which they extracted more than 30 gigabytes of data, including unclassified technical information regarding material used in military aircraft and satellites, much of which was from 2010 or earlier,” the State Department said. Last year, the group also allegedly stole over 250GB of data concerning military weapons such as tanks and fighter jets from Taiwanese and South Korean defense companies.


In addition, the group has used ransomware attacks to help fund its operations. This included spreading the Maui ransomware strain to at least five US healthcare providers, which were pressured into paying a ransom to free themselves from the attacks. However, the FBI managed to recover at least some of the money paid by the hospitals. The State Department adds that Andariel allegedly operates under North Korea’s Reconnaissance General Bureau. To break into targets, the group tries to exploit known software vulnerabilities in public-facing web servers. The US notes that Andariel has been spotted researching 38 different software flaws and using over a dozen different malware and hacking tools over the group’s history, which goes as far back as 2009. To counter the threat, the US released an advisory detailing the group’s tactics and methods. The feds didn’t say how Hyok was linked to the hacking activities, but the FBI notes that Hyok’s last known location was in North Korea.
