North Korean hackers have conducted a global cyber espionage campaign in an effort to steal classified military secrets to support Pyongyang’s banned nuclear weapons programme, the United States, Britain and South Korea said in a joint advisory on Thursday.
The hackers, dubbed Andariel or APT45 by cybersecurity researchers, are believed to be part of North Korea’s intelligence agency known as the Reconnaissance General Bureau, an entity sanctioned by the U.S. in 2015.
The cyber unit has targeted or breached computer systems at a broad variety of defence or engineering firms, including manufacturers of tanks, submarines, naval vessels, fighter aircraft, and missile and radar systems, the advisory said.
Victims in the U.S. have also included the National Aeronautics and Space Administration (NASA), Randolph Air Force Base in Texas and Robins Air Force Base in Georgia, FBI and U.S. Justice Department officials said on Thursday.
In the February 2022 targeting of NASA, the hackers used a malware script to gain unauthorized access to its computer system for three months, U.S. prosecutors allege. Over 17 gigabytes of unclassified data were extracted.
“The authoring agencies believe the group and the cyber techniques remain an ongoing threat to various industry sectors worldwide, including but not limited to entities in their respective countries, as well as in Japan and India,” the advisory said.
North Korea, known formally as the Democratic People’s Republic of Korea (DPRK), has a long history of using covert hacking teams to steal sensitive military information.
To fund their operations, the hackers used ransomware to target U.S. hospitals and healthcare companies, U.S. officials allege.
On Thursday, the U.S. Justice Department said it had charged one suspect, Rim Jong Hyok, with conspiring to access computer networks in the United States and money laundering.
(Courtesy: Reuters)