US and Allied Nations Accuse North Korean Hackers of Military Secrets Theft
Quick Summary
- Hackers from North Korea, tracked as Andariel or APT45, targeted military secrets worldwide.
- This group is thought to be connected to North Korea’s Reconnaissance General Bureau.
- Their intrusions hit NASA, US Air Force bases, and defense and engineering firms.
- Ransomware attacks on US hospitals and healthcare providers were used to finance the espionage.
- Rim Jong Hyok, one of the hackers, has been charged by the US Justice Department.
- The FBI offers a reward of $15.3 million for information leading to Rim’s capture.
- Ongoing cyber espionage efforts remain a global risk.
Overview of North Korean Cyber Espionage
Cybersecurity analysts track the North Korean group as Andariel or APT45 and believe it belongs to the Reconnaissance General Bureau, the country's intelligence arm. According to a joint alert from the US, UK, and South Korea, the group has run a wide-ranging global cyber espionage campaign aimed at acquiring classified military information to bolster Pyongyang's prohibited nuclear weapons development.
Targeted Industries and Effects
The hackers have focused on a wide range of defense and engineering companies, including those developing tanks, submarines, naval vessels, fighter jets, missiles, and radar systems. Notable victims include NASA, Randolph Air Force Base in Texas, and Robins Air Force Base in Georgia. Beginning in February 2022, the hackers had access to NASA's systems for three months and exfiltrated more than 17 gigabytes of unclassified data.
Global Risk and Techniques
The alert highlights that APT45 continues to present a considerable threat across multiple sectors globally, impacting organizations in Japan and India as well. North Korea, officially named the Democratic People’s Republic of Korea (DPRK), has a record of deploying covert hacking teams to exfiltrate sensitive military intelligence.
Their techniques include common phishing tactics and exploitation of software vulnerabilities, and they trick officials into handing over credentials that give access to internal networks. A Reuters report in August described one such case, in which North Korean hackers compromised systems at NPO Mashinostroyeniya, a rocket design organization located near Moscow.
Ransomware as a Funding Mechanism
To finance their activities, the hackers ran ransomware attacks against US hospitals and healthcare organizations. In one case, a hospital in Kansas paid a ransom in bitcoin, which was then laundered through a Chinese bank and withdrawn from an ATM in Dandong, China. The FBI has seized $600,000 in cryptocurrency from the hackers' accounts, which will be returned to the victims.
Legal Charges and Rewards
The US Justice Department has charged Rim Jong Hyok with conspiracy to illegally access US computer systems and with money laundering. The FBI is offering a reward of up to $15.3 million for information leading to Rim's apprehension. He is believed to be living in North Korea.
Conclusion
North Korean hackers, known as Andariel or APT45, are accused of running a worldwide cyber espionage campaign to steal classified military information in support of Pyongyang's illicit nuclear armament efforts. The group has targeted prominent entities including NASA and US Air Force installations, and funds its operations with ransomware, so it remains an ongoing global threat. The US Justice Department has charged one individual, and the FBI is offering a significant reward for information leading to his capture.
Frequently Asked Questions
Q: Who are the identified hackers in the cyber espionage initiative?
A:
The hackers, tracked as Andariel or APT45, are linked to North Korea's Reconnaissance General Bureau.
Q: What was the main goal of the hacking efforts?
A:
The goal was to obtain classified military information to bolster North Korea's prohibited nuclear weapons program.
Q: Which significant organizations were affected by the hackers?
A:
The hackers targeted NASA, Randolph Air Force Base in Texas, Robins Air Force Base in Georgia, as well as numerous defense and engineering firms.
Q: How did the hackers finance their operations?
A:
They utilized ransomware to target US hospitals and healthcare organizations, demanding ransom payments in bitcoin.
Q: What measures have been taken against the hackers?
A:
The US Justice Department has charged one individual, Rim Jong Hyok, while the FBI offers a $15.3 million reward for information leading to his capture.
Q: Do the hackers still pose a threat?
A:
Yes, the advisory cautions that the group and their methods continue to represent a significant risk across various global industry sectors.