North Korean Hackers Conduct Global Cyber Espionage Campaign Targeting Military Secrets

North Korean hackers have conducted a global cyber espionage campaign to steal classified military secrets in support of Pyongyang’s banned nuclear weapons program. According to a joint advisory released on Thursday by the United States, Britain, and South Korea. The cyber unit, known as Anadriel or APT45 by cybersecurity researchers, is believed to be part of North Korea’s Reconnaissance General Bureau, an intelligence agency sanctioned by the US in 2015.

 

Targeted Organizations and Methods

The advisory details how the hackers have targeted or breached computer systems at a wide range of defense and engineering firms, including manufacturers of tanks, submarines, naval vessels, fighter aircraft, and missile and radar systems. High-profile victims in the US include the National Aeronautics and Space Administration (NASA), Randolph Air Force Base in Texas, and Robins Air Force Base in Georgia.

In one notable incident, US prosecutors allege that the hackers used a malware script in February 2022 to gain unauthorized access to NASA’s computer system for three months, extracting over 17 gigabytes of unclassified data. The joint advisory warns that the group and their cyber techniques remain an ongoing threat to various industry sectors worldwide, including entities in Japan and India.

 

Financial Motivations and Legal Actions

To fund their operations, North Korean hackers have also used ransomware to target US hospitals and healthcare companies. The US Justice Department announced charges against one suspect, Rim Jong Hyok, for conspiring to access computer networks in the United States and money laundering. One of the ransomware incidents linked to Rim involved a May 2021 hack against a Kansas-based hospital, which paid a ransom after the hackers encrypted four of its computer servers. The payment, made in bitcoin, was transferred to a Chinese bank and then withdrawn from an ATM in Dandong, China, near the Sino-Korean Friendship Bridge connecting the city to Sinuiju, North Korea.

The FBI has offered a reward of up to $10 million for information leading to Rim’s arrest, believing him to be in North Korea. U.S. officials also reported the seizure of some online accounts belonging to the hackers, including $600,000 in virtual currency that will be returned to victims of the ransomware attacks.

 

International Impact and Ongoing Threat

Paul Chichester, a representative from Britain’s National Cyber Security Centre, part of the GCHQ spy agency, emphasized the severity of the situation: “The global cyber espionage operation that we have exposed today shows the lengths that DPRK state-sponsored actors are willing to go to pursue their military and nuclear programs.”

In August of the previous year, Reuters exclusively reported that an elite group of North Korean hackers had successfully breached systems at NPO Mashinostroyeniya, a rocket design bureau based in Reutov, on the outskirts of Moscow. The hackers used common phishing techniques and computer exploits to trick officials at targeted firms into granting access to their internal computer systems, as detailed in Thursday’s advisory.

The joint advisory from the United States, Britain, and South Korea underscores the ongoing threat posed by North Korean cyber operations and calls for heightened vigilance across affected sectors worldwide.