North Korea-backed group accused of launching 'cyber campaign to steal military and nuclear secrets'

25 July 2024, 18:15

The group has launched cyber attacks against infrastructure across the globe. Picture: Getty

By Henry Moore

Andariel began as a hacker group targeting the US and South Korea, but has since evolved to carry out specialised cyber espionage and ransomware strikes.

The UK's National Cyber Security Centre (NCSC) has accused the "Andariel" group of compromising organisations across the globe in a bid to obtain tightly guarded military secrets.

The NCSC, FBI and South Korea’s national intelligence service have come together to warn of the risk posed by Andariel, urging infrastructure organisations to "stay vigilant" against the cyber operations.

NCSC director of operations Paul Chichester said: “The global cyber espionage operation that we have exposed today shows the lengths that DPRK (Democratic People’s Republic of Korea) state-sponsored actors are willing to go to pursue their military and nuclear programmes.

The NCSC accuses Andariel of being part of the DPRK’s reconnaissance general bureau (RGB) 3rd bureau and believes the group poses a threat to global infrastructure.

Andariel primarily targeted military, aerospace, nuclear and engineering organisations.

Cyber attacks are increasingly common. Picture: Getty

The group also launched ransomware attacks against US healthcare companies in a bid to extort payments and fund their espionage, the NCSC reports.

Mr Chichester continued: “It should remind critical infrastructure operators of the importance of protecting the sensitive information and intellectual property they hold on their systems to prevent theft and misuse.

“The NCSC, alongside our US and Korean partners, strongly encourage network defenders to follow the guidance set out in this advisory to ensure they have strong protections in place to prevent this malicious activity.”

Sharing the joint advisory on X, formerly known as Twitter, the NCSC wrote: “DPRK state-sponsored threat group Andariel has been compromising organisations to steal sensitive information and IP in order to further the regime’s military and nuclear ambitions.

“These malicious operations pose a threat to critical infrastructure organisations globally. UK network defenders should follow the latest advice to help detect and mitigate this activity.”

According to the advisory, Andariel began as a hacker group targeting the US and South Korea, but has since evolved to carry out specialised cyber espionage and ransomware strikes.