The Seoul Metropolitan Police recently filed serious charges against the North Korean hacking group Andariel. According to them, this group carried out cyber attacks on several South Korean companies working in the field of defense. The main goal of the hackers was to steal secret information about anti-aircraft weapon systems. The police carried out a thorough investigation, during which the servers used by the hackers were seized, and mobile phones and laptops were searched and analyzed. One foreign woman, who is suspected of laundering money obtained from cyberattacks, also came to the attention of the police.
According to government officials, the Andariel group has ties to the North Korean intelligence agency and the notorious Lazarus group. The US imposed sanctions on the group in 2019 due to its involvement in cybercrimes and attacks on the South Korean government and infrastructure. Investigators found that the hackers stole about 1.2 terabytes of data, including technical information about anti-aircraft systems, as well as valuable information from research institutions and pharmaceutical companies. Some companies didn’t even know they were victims of cyber attacks.
The hackers routed their attacks through servers belonging to a South Korean company, making 83 connections from central Pyongyang. Investigators also tracked ransoms paid through the cryptocurrency platforms Binance and Bithumb, including significant sums that were transferred to Chinese bank accounts.
In addition, the group was found to have demanded ransom from three ransomware victims, receiving around $357,000 in bitcoins. The attacks prompted a joint warning from the UK and South Korea about possible attacks on supply chains by North Korean hackers.
This incident highlights the growing cyber security threat, especially to the defense industry, and the need for international cooperation to counter it.