North Korea hackers targeting nuclear secrets, US and UK warn
The United States and the United Kingdom have issued a joint warning about a North Korean hacking group targeting nuclear secrets and other sensitive military information. The two nations, along with South Korea, believe the cyberattacks pose a serious threat to global security.
The hacking group, known as Andariel, is suspected of working on behalf of the North Korean government to advance its nuclear weapons program. The group has been targeting defense, aerospace, nuclear, and engineering organizations worldwide, seeking to steal classified information such as design blueprints, uranium enrichment processes, and missile technology.
Top organizations that have been targeted in the US include the National Aeronautics and Space Administration (NASA), Randolph Air Force Base in Texas, and Robins Air Force Base in Georgia.
In the case of NASA, the hackers used a malware script to gain unauthorized access to its computer system for three months, U.S. prosecutors allege. Over 17 gigabytes of unclassified data were extracted.
The US Federal Bureau of Investigation (FBI) and the UK’s National Cyber Security Centre (NCSC) have urged companies in the targeted sectors to be on high alert for cyberattacks. The agencies are advising organizations to strengthen their cybersecurity measures, including regularly updating software, being wary of phishing attempts, and backing up critical data.
"The authoring agencies believe the group and the cyber techniques remain an ongoing threat to various industry sectors worldwide, including but not limited to entities in their respective countries, as well as in Japan and India," the advisory read.
The joint warning comes as tensions between North Korea and the international community have escalated over Pyongyang’s nuclear and missile programs. The nation has a long history of using covert hacking teams to steal sensitive military information.
To fund their operations, the hackers use ransomware to target U.S. hospitals and healthcare companies.
Arresting the threat actors remains a major pain point for the US and its allies, since the criminals are protected by the North Korean government. Still, the U.S. Justice Department has said it’s pursuing one suspect, Rim Jong Hyok, believed to have been involved in a May 2021 ransomware attack on a Kansas-based hospital.
According to the indictment statement, the hospital paid the ransom in bitcoin, which was transferred to a Chinese bank and then withdrawn from an ATM in Dandong, China, next to the Sino-Korean Friendship Bridge, which connects the city to Sinuiju, North Korea.
The FBI said it has seized some of the online accounts belonging to the hackers, including $600,000 in virtual currency that will be returned to victims of the ransomware attacks.