NCSC and Allies Reveal North Korean Cyber Spies Stealing Military and Nuclear Secrets

Britain has uncovered a global cyber espionage campaign conducted by attackers sponsored by the Democratic People’s Republic of Korea (DPRK).

The campaign aimed to steal military and nuclear secrets from organizations worldwide.

The National Cyber Security Centre (NCSC) – part of GCHQ – issued a new advisory, along with partners in the United States and the Republic of Korea. The advisory reveals that a cyber threat group known as Andariel has been infiltrating organisations worldwide to steal sensitive and classified technical information and intellectual property.

The NCSC assesses that Andariel is part of the DPRK’s Reconnaissance General Bureau (RGB) 3rd Bureau and that their malicious cyber activities pose a persistent threat to critical infrastructure globally.

The cyber actors have mainly targeted defence, aerospace, nuclear, and engineering entities, as well as the medical and energy sectors to a lesser extent, seeking information such as contract specifications, design drawings, and project details.

Andariel has also conducted ransomware attacks against US healthcare organisations to extort payments and fund further espionage activities.

This advisory provides technical details and mitigation advice to help defend against the actors who exploit known vulnerabilities to access victims’ systems, deploy malware, and use other tools to maintain persistence, evade detection, and exfiltrate data.

The advisory details how Andariel has evolved from conducting destructive attacks targeting US and South Korean organisations to specialised cyber espionage and ransomware operations.

It warns that the actors have sometimes launched ransomware and espionage attacks on the same day, targeting the same victim.

Andy Ward, VP International of Absolute Security said: “The latest advisory from the NCSC and its international partners is deeply concerning. The revelation that North Korean state-sponsored actors, particularly the Andariel group, are aggressively targeting critical infrastructure and sensitive sectors such as defence, aerospace, nuclear, and healthcare is a strong reminder of the evolving cyber threat landscape.

Findings from our Cyber Resilience Reports highlights that Half (47 per cent) of businesses reported an increase in the volume of state-sponsored cyber threats over the past year, amid rising geopolitical tension and NCSC warnings. A defence strategy built on cyber resilience can ensure security teams have continuous visibility over networks, devices and applications to detect suspicious behaviour, while providing response protocols to prevent cybercriminals breaching the entirety of a network.”