Cyber Threat Radar – A joint advisory issued last week by the United States, Britain, and South Korea revealed that North Korean hackers have been engaged in a worldwide cyber espionage campaign to obtain classified military information to assist Pyongyang’s prohibited nuclear weapons program.
The group of hackers, identified as Anadriel or APT45 by cybersecurity experts, is suspected to be affiliated with North Korea’s Reconnaissance General Bureau, a U.S. sanctioned intelligence agency since 2015.
Infiltrating Defense And Engineering Companies
The cyber team has focused on infiltrating computer networks of numerous defense and engineering companies, such as those involved in the production of tanks, submarines, warships, fighter jets, as well as missile and radar technologies, according to the report.
The National Aeronautics and Space Administration (NASA), Randolph Air Force Base in Texas, and Robins Air Force Base in Georgia have also been identified as victims in the U.S., according to officials from the FBI and U.S. Justice Department.
17 Gigabytes Of Data Stolen
In February 2022, NASA was targeted by hackers who allegedly used a malware script to illegally access the agency’s computer system for a period of three months. According to U.S. prosecutors, more than 17 gigabytes of unclassified data were stolen.
The advisory states, “The authoring agencies believe the group and the cyber techniques remain an ongoing threat to various industry sectors worldwide, including but not limited to entities in their respective countries, as well as in Japan and India.”
North Korea, officially known as the Democratic People’s Republic of Korea (DPRK), has a well-documented track record of employing clandestine hacking groups to pilfer confidential military data on a global scale.
Hackers Resorted To Utilizing Ransomware
Allegations from U.S. authorities suggest that the hackers resorted to utilizing ransomware to extort funds from American hospitals and healthcare organizations to finance their activities.
The U.S. Justice Department announced on Thursday that Rim Jong Hyok has been charged with conspiring to access computer networks in the United States and money laundering. Rim is accused of being involved in a ransomware attack against a Kansas-based hospital in May 2021, where the hospital paid a ransom in bitcoin. The money was then transferred to a Chinese bank and withdrawn from an ATM in Dandong, China, near the Sino-Korean Friendship Bridge connecting the city to Sinuiju, North Korea, according to the indictment.
The FBI announced a reward of up to $10 million for any information that could result in the arrest of Rim, who is suspected to be in North Korea. Additionally, officials from the FBI and Justice Department revealed on Thursday that they have taken control of certain online accounts linked to the hackers, recovering $600,000 in virtual currency to be returned to the victims of the ransomware attacks.
Last August, a select group of North Korean hackers had managed to infiltrate the systems at NPO Mashinostroyeniya, a rocket design bureau located in Reutov, a small town on the outskirts of Moscow.
Like the previous hack, APT45, a division of North Korea’s Reconnaissance General Bureau intelligence agency, employed standard phishing methods and computer vulnerabilities to deceive officials at the targeted companies into providing access to their internal computer systems, as stated in last week’s advisory.
Extreme Measures Taken By DPRK
“The revelation of a worldwide cyber espionage campaign highlights the extreme measures taken by DPRK state-sponsored hackers to advance their military and nuclear initiatives,” commented Timothy Jenkins, Head of Cyber Defense Research, SentryBay. “SentryBay aids governments, global organizations and enterprises in fortifying their defenses against rapidly growing state-sponsored threats. With our Armored Client solution, users can operate securely within a zero-trust environment, safeguarding productivity without compromising privacy or user experience.”