A North Korean hacking outfit has targeted organizations around the world to steal sensitive and classified information, British, American, and South Korean intelligence agencies have claimed in a joint advisory.
The National Cyber Security Center (NCSC), part of the British GCHQ intelligence agency, issued Thursday’s warning along with the American FBI, NSA, and Pentagon, as well as the South Korean national intelligence and police agencies.
“The global cyber espionage operation that we have exposed today shows the lengths that DPRK state-sponsored actors are willing to go to pursue their military and nuclear programs,” NCSC director of operations Paul Chichester said in a statement.
According to the advisory, a group of hackers called Andariel has gone after defense, aerospace, nuclear, and engineering agencies in South Korea, the UK, and the US. It has also allegedly hacked hospitals and healthcare organizations in the US in order to extort money to fund further espionage.
The US Department of State has offered a reward of up to $10 million for information leading to the arrest of Rim Jong Hyok, who is said to be associated with Andariel. The US government believes Andariel has targeted five American healthcare providers, four military contractors, two US Air Force bases, and the NASA Office of Inspector General (OIG).
The NCSC believes that Andariel is part of the third directorate of North Korea’s Reconnaissance General Bureau, and poses “an ongoing threat” to critical infrastructure globally.
Andariel was first identified in 2017 by Kaspersky and South Korea’s Financial Security Institute (FSI). At the time, they described the group as being focused on attacking South Korean businesses and government agencies and interested mainly in profit.