Britain, the United States and South Korea are afraid of North Korea's expected attacks and issued a warning over a North Korea-backed global cyber espionage campaign to further the country’s nuclear ambitions.
Law enforcement and intelligence agencies said that a group known as Andariel “has been compromising organisations around the world to steal sensitive and classified technical information and intellectual property data”.
Andariel has been identified as an arm of Pyongyang’s spy agency, and working “to further the regime’s military and nuclear ambitions”, the UK National Cyber Security Centre said.
Defence, aerospace, nuclear and engineering organisations have mainly been targeted, as well as medical and energy providers, some of which have been hit by ransomware attacks.
EDF pulls out of UK mini-nuclear reactor race
“The global cyber espionage operation that we have exposed today shows the lengths that DPRK-state-sponsored actors are willing to go to pursue their military and nuclear programmes,” said NCSC director of operations Paul Chichester, referring to the secretive communist state.
“It should remind critical infrastructure operators of the importance of protecting the sensitive information and intellectual property they hold on their systems to prevent theft and misuse.”
In a separate advisory, the US Federal Bureau of Investigation said Andariel, which is known by a variety of names, “remain(s) an ongoing threat to various industry sectors worldwide”.
The group has exploited vulnerabilities in software to launch cyberattacks, including malware and phishing to gain access to sensitive data and information.
It urged companies involved in defence, aerospace, nuclear and engineering sectors “to remain vigilant in defending their networks from North Korea-state-sponsored cyber operations”.
The FBI said Andariel had been trying to obtain information such as specifications and design drawings for uranium processing and enrichment as well as missiles and missile defence systems.