
North Korean hackers have launched a widespread cyber espionage campaign aimed at stealing sensitive military secrets to support Pyongyang’s banned nuclear weapons program, according to a joint advisory from the United States, Britain, and South Korea released on Thursday.
The hackers, identified as Andariel or APT45, are believed to be affiliated with North Korea’s Reconnaissance General Bureau, an intelligence agency that has been under U.S. sanctions since 2015. This cyber unit has successfully breached various defense and engineering firms worldwide, including manufacturers of tanks, submarines, naval vessels, fighter jets, and missile systems.
In the U.S., targets included NASA, Randolph Air Force Base in Texas, and Robins Air Force Base in Georgia. Notably, in February 2022, the hackers used malware to access NASA’s computer systems for three months, extracting over 17 gigabytes of unclassified data.
The advisory highlights that the group continues to pose a significant threat to various industry sectors globally, affecting not just the U.S., but also entities in Japan and India. North Korea, formally known as the Democratic People’s Republic of Korea (DPRK), has a history of employing covert hacking teams to acquire sensitive military information.
In addition to their cyber espionage efforts, the hackers have used ransomware to target U.S. hospitals and healthcare companies. U.S. officials have charged Rim Jong Hyok, a suspect in these operations, with conspiracy and money laundering. One notable case involves a ransomware attack on a Kansas-based hospital in May 2021, where the hackers encrypted servers and demanded a ransom to be paid in Bitcoin. This Bitcoin was subsequently transferred to a Chinese bank and withdrawn from an ATM in Dandong, China, near the North Korean border.
The FBI is offering a reward of up to $10 million for information leading to Rim Jong Hyok’s arrest, though he is believed to be in North Korea. Additionally, the FBI has seized some of the hackers’ online assets, including $600,000 in virtual currency, which will be returned to the victims of the ransomware attacks.
Paul Chichester from Britain’s National Cyber Security Centre emphasized that this global cyber espionage operation demonstrates the extreme measures North Korean state-sponsored actors are willing to take to advance their military and nuclear programs.
This recent advisory underscores the growing concerns about North Korea’s cyber capabilities and the potential implications for international security.