Kim Jong Un, the North Korean leader. The goal of the North Korean-backed hacking group is said to be to steal information about US military technology.

A North Korean hacking group stole secrets about satellites and warplanes from Nasa, US air bases and defence contractors, the FBI has revealed, as it launched a hunt to catch the perpetrators.

The US government is offering a $10 million reward for information leading to the identity of hackers targeting American national security assets, including nuclear secrets and information about missiles, submarines and drones.

On Thursday, the US and UK published joint guidance for facilities that could be attacked by Andariel, a “malicious cyber group” controlled by North Korea’s military intelligence agency, the Reconnaissance General Bureau.

The US State Department said a North Korean national named Rim Jong Hyok was linked to the group, and had hacked into US hospitals and other healthcare providers to extort ransoms to fund its cyber attacks.

The goal of the group was to steal information from American and foreign defence contractors, who build military technology, the State Department said.

Hackers had access to Nasa system for three months

The hackers gained access to Nasa’s computer system for more than three months, extracting more than 17 gigabytes of unclassified data, according to an indictment of Mr Rim.

They also accessed computer systems of defence companies in Michigan and California, and air bases in Texas and Georgia, US authorities said.

“While North Korea uses these types of cyber crimes to circumvent international sanctions and fund its political and military ambitions, the impact of these wanton acts have a direct impact on the citizens of Kansas,” said Stephen Cyrus, an FBI agent based in Kansas City.

One US contractor was hacked in November 2022, and lost more than 30 gigabytes of data, including “unclassified technical information regarding material used in military aircraft and satellites”. Much of the information secured was more than 14 years old.

Rim Jong Hyok, a North Korean national, has been linked to the hacking group, according to the US State Department, and has been placed on the FBI's most wanted list - FBI

Mr Rim has been placed on the FBI’s most wanted list, and is charged with conspiracy to commit computer hacking and money laundering. Any information leading to him, Andariel or its associates carries a $10 million reward.

The Andariel group is one of several foreign hacking cells with links to North Korea or China that have been uncovered by US and UK law enforcement agencies in recent months.

In March, the FBI and UK National Cyber Security Centre (NCSC) traced attacks by APT 31, a Chinese group that launched attacks on email accounts belonging to MPs and US government officials and campaign staff.

National security threat is ‘broad and unrelenting’

The latest disclosure comes after Christopher Wray, the director of the FBI, said hacks from Chinese and other foreign groups posed a “broad and unrelenting” threat to US national security.

Ken McCallum, the director of MI5, said last year that his agency had more than doubled its work against Chinese activity in the last three years, and would double it again.

Ken McCallum, MI5's director, has said his agency intends to double its work against Chinese activity - Yui Mok/PA Wire

A briefing note released by the FBI and NCSC on Thursday said the North Korean hackers were based in Pyongyang and Sinuiju, and gained access to computer systems owned by defence contractors and healthcare providers by exploiting known vulnerabilities in software used by the companies.

The agencies released a wide-ranging list of targets in the nuclear, defence, aerospace and engineering sectors. The hackers have tried to steal secrets linked to fighter aircraft, missiles, satellites, shipbuilding, uranium enrichment and nuclear power plants.

Healthcare companies were targeted for confidential contracts, design drawings and project details. The group also encrypted computers and refused to unlock them unless they were paid, in an attack known as “ransomware”.

Paul Chichester, the NCSC director of operations, said: “The global cyber espionage operation that we have exposed today shows the lengths that DPRK state-sponsored actors are willing to go to pursue their military and nuclear programmes.

“It should remind critical infrastructure operators of the importance of protecting the sensitive information and intellectual property they hold on their systems to prevent theft and misuse.”

The agencies encouraged companies working on critical national infrastructure to update computer systems with security patches.

They said the hackers often made mistakes in their code, “indicating that the commands are not directly copied from a playbook and the actors have a flexible and impromptu approach” and a “poor grasp of the English language”.

Once gaining access, the group deployed “malware and other tools to maintain persistence, evade detection and exfiltrate data”.


North Korea hackers trying to steal nuclear secrets, US and UK warn

North Korean hackers are attempting to steal nuclear and military secrets from governments and private companies around the world, the UK, US and South Korea have warned.

They say the group - known by the names Andariel and Onyx Sleet - is targeting defence, aerospace, nuclear and engineering entities to obtain classified information, with the aim of advancing Pyongyang’s military and nuclear programs and ambitions.

The group has been seeking information in a wide range of areas - from uranium processing to tanks, submarines and torpedoes - and has targeted the UK, US, South Korea, Japan, India and elsewhere.

US air force bases, Nasa and defence companies are said to have been targeted.

The high-profile warning about this specific group appears to be a sign that its work combining espionage and money-making activity is worrying officials because of its impact both on sensitive technology and everyday life.

The US says the group funds its espionage activity through ransomware operations against US healthcare entities.

Paul Chichester, director of operations for the UK’s National Cyber Security Centre (NCSC), an arm of GCHQ, said: “The global cyber espionage operation that we have exposed today shows the lengths that DPRK state-sponsored actors are willing to go to pursue their military and nuclear programmes.

“It should remind critical infrastructure operators of the importance of protecting the sensitive information and intellectual property they hold on their systems to prevent theft and misuse.”

The NCSC assesses that Andariel is a part of North Korea's Reconnaissance General Bureau (RGB) 3rd Bureau.

The joint warning issued by the US, UK and South Korea shares advice to help defend against North Korean actors, which it says have also been seeking information on robot machinery, mechanical arms, and 3D printing components.

“This indictment showcases that North Korean threat groups also pose a serious threat to citizens’ everyday lives and can’t be ignored or disregarded,” Michael Barnhart, Mandiant principal analyst at Google Cloud, said.

“Their targeting of hospitals to generate revenue and fund their operations demonstrates a relentless focus on fulfilling their priority mission of intelligence gathering, regardless of the potential consequences it may have on human lives.”

This is just the latest in a series of warnings about North Korean hackers over the years.

Some of the most high-profile cyber incidents have been linked to the country, including an attack on Sony Pictures in 2014 in retaliation for a Hollywood comedy film that depicted the assassination of North Korean leader Kim Jong Un.

North Korea is also known for the activities of the Lazarus Group, which has carried out major thefts running to millions of dollars.
