N. Korean hacker group Andariel steals S. Korean defense secrets
gettyimagesbank
By Lee Hae-rinNorth Korean hacking group Andariel has stolen around 1.2 terabytes of tech information by compromising dozens of South Korean defense companies and has transferred some 470 million won ($360,000) in bitcoin ransoms to North Korea, Seoul's police said, Monday.
According to the Seoul Metropolitan Police Agency, the cyberattackers accessed South Korean companies 83 times from Pyongyang’s Ryugyong-dong between December 2022 and March this year via South Korean hosting services that rent servers to unidentified clients.
Police added that its national security investigation bureau is looking into the problem with the U.S. Federal Bureau of Investigation (FBI).
Ryugyong-dong is a downtown area of Pyongyang where the landmark Ryugyong Hotel is located, as well as the Internet Communication Bureau headquarters and the Pyongyang Information Center.
Andariel attacked dozens of South Korean companies in the defense, financial, security and communication industries as well as research centers and universities and stole some critical technical data on anti-aircraft lasers and the companies’ server login and user information.
Police found that a total of around 1.2 terabytes of data was stolen and disclosed the names of companies that were subject to the cyberattacks. Many of them had not noticed the intrusions, while some others chose not to report the problem to the police over fears of losing credibility in the defense and technology industries.
Andariel attained around 470 million won worth of bitcoins from three South Korean companies in its ransomware distribution tactics, some of which is expected to have already been transferred to North Korea, police said.
Earlier last month, South Korea’s National Cyber Security Center under the National Intelligence Service (NIS) and Britain’s Government Communications Headquarters jointly issued a warning against North Korea’s cyberattacks on software supply chains commonly used by companies and individuals.
The NIS said it enacted measures with related authorities earlier this year to prevent further cyberattacks.
The sanctions-hit nation is known to carry out a range of cybercrimes as a source of revenue generation.
Last year, North Korea-backed hackers stole $1.7 billion worth of cryptocurrency, according to U.S.-based blockchain analysis firm Chainalysis. The figure nearly quadruples the reclusive country’s previous record of $429 million.
This year, however, North Korea stole some $340 million worth of cryptocurrencies during the first three quarters, which amounts to a third of the total losses reported globally, but is still less than the total from the previous year, according to a recent report by Kim Bo-mi from the Institute for National Security Strategy.
Kim said North Korea appears to be diversifying its cybercrime tactics amid the dropping value of cryptocurrencies and U.S. interest rate hikes, while depending on Russian exchanges to cash in its cryptocurrencies.
The police plan to continue investigating additional cases, as well as similar cyberattacks and the hosting services connected to the cybercrime.